CVE Catalog

CVE-2025-71350

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.40%

32th percentile — higher than 32% of all known CVEs

Summary

Picklescan before version 0.0.28 fails to detect malicious pickle files using the torch.utils.collect_env.run function in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims.

Risk Assessment

The organization is at risk of remote code execution (RCE) by loading a crafted pickle file, potentially leading to system compromise or data theft.

Recommendation

Immediately update picklescan to version 0.0.28 or later and avoid loading pickle files from untrusted sources.

Original NVD description (English source)

picklescan before 0.0.28 fails to detect malicious pickle files using torch.utils.collect_env.run function in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS