CVE Catalog

CVE-2025-71365

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Summary

Picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py.crackfortran.myeval function through the reduce method. Attackers can craft malicious pickle files embedding arbitrary code that evades picklescan detection and executes remote code when loaded.

Risk Assessment

Organizations may be at risk of executing malicious code due to loading crafted pickle files, potentially leading to severe security breaches and data loss.

Recommendation

It is recommended to update picklescan to version 0.0.33 or later to ensure protection against these malicious pickle files.

Original NVD description (English source)

picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py.crackfortran.myeval function through the reduce method. Attackers can craft malicious pickle files embedding arbitrary code that evades picklescan detection and executes remote code when loaded.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS