CVE Catalog

CVE-2025-71357

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile - higher than 16% of all known CVEs

Summary

A vulnerability in picklescan before version 0.0.30 allows bypassing detection of malicious pickle files. Attackers can use the idlelib.pyshell.ModifiedInterpreter.runcommand method in reduce functions to hide code that executes remote commands when the file is loaded by the victim.

Risk Assessment

The organization is at risk of remote code execution (RCE) by loading a crafted pickle file, which could lead to system compromise or data theft.

Recommendation

Immediately update picklescan to version 0.0.30 or later. Before updating, it is recommended to stop processing pickle files from untrusted sources.

Original NVD description (English source)

picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS