CVE Catalog

CVE-2025-71340

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.30%

22th percentile — higher than 22% of all known CVEs

Summary

The vulnerability in picklescan up to version 0.0.26 inclusive fails to detect malicious pickle files that use the `idlelib.pyshell.ModifiedInterpreter.runcode` method in the `__reduce__` function. Attackers can embed undetected code in pickle files that executes arbitrary commands when the file is loaded via `pickle.load()`, enabling supply chain attacks on PyTorch models and saved Python objects. This is fixed in version 0.0.30.

Risk Assessment

The organization is exposed to remote code execution (RCE) when loading malicious pickle files, which can lead to system compromise, data theft, or infection of models used in production environments.

Recommendation

Immediately update picklescan to version 0.0.30 or later. Before loading any pickle files from untrusted sources, scan them with the updated tool.

Original NVD description (English source)

picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode in __reduce__ methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when the file is loaded via pickle.load(), enabling supply chain attacks on PyTorch models and saved Python objects. This is fixed in version 0.0.30.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS