CVE-2025-71371
HighCVSS 8.1Exploitation Probability (EPSS)
Low risk39th percentile — higher than 39% of all known CVEs
Summary
A vulnerability in picklescan before version 0.0.29 allows bypassing detection of malicious pickle files by using code.InteractiveInterpreter.runcode in reduce methods. Attackers can craft pickle payloads that execute arbitrary code when loaded via pickle.load().
Risk Assessment
The organization is at risk of remote code execution (RCE) when processing trusted pickle files, potentially leading to system compromise, data theft, or further attack escalation.
Recommendation
Immediately update picklescan to version 0.0.29 or later. Additionally, avoid loading pickle files from untrusted sources and consider using safer serialization formats.
Original NVD description (English source)
picklescan before 0.0.29 fails to detect malicious pickle files using code.InteractiveInterpreter.runcode in reduce methods. Attackers can craft pickle payloads that bypass picklescan detection and execute arbitrary code when loaded via pickle.load().

