CVE-2025-71341
HighCVSS 8.1Summary
Picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using profile.Profile.runctx in the reduce method to achieve remote code execution when the pickle file is loaded.
Risk Assessment
Organizations may be exposed to remote code execution, which can lead to data loss, system integrity breaches, and potential financial losses.
Recommendation
It is recommended to update picklescan to version 0.0.29 or later to mitigate this vulnerability. Additionally, avoid loading pickle files from untrusted sources.
Original NVD description (English source)
picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using profile.Profile.runctx in the reduce method to achieve remote code execution when the pickle file is loaded.

