CVE Catalog

CVE-2025-71361

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.34%

26th percentile — higher than 26% of all known CVEs

Summary

Picklescan before 0.0.29 fails to detect malicious idlelib.calltip.Calltip.fetch_tip calls in pickle files, allowing remote code execution. Attackers can embed undetected payloads in pickle files that execute arbitrary code when loaded via pickle.load().

Risk Assessment

Organizations may be exposed to remote code execution, leading to potential data loss or system takeover. Exploitation of this vulnerability could result in serious security implications.

Recommendation

It is recommended to update picklescan to version 0.0.29 or later to mitigate this vulnerability. Additionally, avoid loading pickle files from untrusted sources.

Original NVD description (English source)

picklescan before 0.0.29 fails to detect malicious idlelib.calltip.Calltip.fetch_tip calls in pickle files, allowing remote code execution. Attackers can embed undetected payloads in pickle files that execute arbitrary code when loaded via pickle.load().

Vulnerability data from NVD (NIST) · CISA KEV · EPSS