CVE-2025-71340
HighCVSS 8.1Exploitation Probability (EPSS)
Low risk22th percentile — higher than 22% of all known CVEs
Summary
The vulnerability in picklescan up to version 0.0.26 inclusive fails to detect malicious pickle files that use the `idlelib.pyshell.ModifiedInterpreter.runcode` method in the `__reduce__` function. Attackers can embed undetected code in pickle files that executes arbitrary commands when the file is loaded via `pickle.load()`, enabling supply chain attacks on PyTorch models and saved Python objects. This is fixed in version 0.0.30.
Risk Assessment
The organization is exposed to remote code execution (RCE) when loading malicious pickle files, which can lead to system compromise, data theft, or infection of models used in production environments.
Recommendation
Immediately update picklescan to version 0.0.30 or later. Before loading any pickle files from untrusted sources, scan them with the updated tool.
Original NVD description (English source)
picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode in __reduce__ methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when the file is loaded via pickle.load(), enabling supply chain attacks on PyTorch models and saved Python objects. This is fixed in version 0.0.30.

