CVE-2025-71361
HighCVSS 8.1Exploitation Probability (EPSS)
Low risk26th percentile — higher than 26% of all known CVEs
Summary
Picklescan before 0.0.29 fails to detect malicious idlelib.calltip.Calltip.fetch_tip calls in pickle files, allowing remote code execution. Attackers can embed undetected payloads in pickle files that execute arbitrary code when loaded via pickle.load().
Risk Assessment
Organizations may be exposed to remote code execution, leading to potential data loss or system takeover. Exploitation of this vulnerability could result in serious security implications.
Recommendation
It is recommended to update picklescan to version 0.0.29 or later to mitigate this vulnerability. Additionally, avoid loading pickle files from untrusted sources.
Original NVD description (English source)
picklescan before 0.0.29 fails to detect malicious idlelib.calltip.Calltip.fetch_tip calls in pickle files, allowing remote code execution. Attackers can embed undetected payloads in pickle files that execute arbitrary code when loaded via pickle.load().

