CVE-2025-71375
Severity: High (CVSS 8.1)
Exploitation Probability (EPSS): Low risk, 28th percentile (higher than 28% of all known CVEs)
Summary
Picklescan before version 0.0.34 fails to detect the _operator.methodcaller built-in function when scanning pickle files for malicious code. Attackers can craft malicious pickle payloads using _operator.methodcaller that evade detection and execute arbitrary code when loaded by pickle.load().
Risk Assessment
The organization is at risk of remote code execution (RCE): loading a crafted pickle file that picklescan has cleared can run attacker-controlled code, potentially leading to system compromise or data theft.
Recommendation
Immediately update picklescan to version 0.0.34 or later and consider additional security measures when loading pickle files.
Original NVD description (English source)
picklescan before 0.0.34 fails to detect the _operator.methodcaller built-in function when scanning pickle files for malicious code. Attackers can craft malicious pickle payloads using _operator.methodcaller that evade detection and execute arbitrary code when loaded by pickle.load().
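The recommendation above mentions additional security measures when loading pickle files. One such measure, shown here as an added example that is not part of the advisory or of the picklescan project, is to load pickles through an allowlist-based unpickler: instead of relying on a scanner's denylist (which this CVE shows can miss a global such as `_operator.methodcaller`), the loader resolves only the (module, name) pairs it has been explicitly told to trust and refuses everything else. The `ALLOWED_GLOBALS` set, the `RestrictedUnpickler` class and the sample payloads are assumptions constructed for this example; the second sample is a harmless, picklable `operator.methodcaller("upper")` object, used only because its pickle references `methodcaller` by module and name.

```python
import io
import operator
import pickle

# Constructed allowlist: the only globals this loader will resolve.
# A real deployment would list exactly the classes its model files need.
ALLOWED_GLOBALS = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves globals only from ALLOWED_GLOBALS.

    Every GLOBAL / STACK_GLOBAL opcode in the stream goes through
    find_class, so any reference to a module-level callable that is not
    allowlisted aborts the load before the object is constructed.
    """

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"refusing to resolve global {module}.{name}: not in allowlist"
        )


def restricted_loads(data: bytes):
    """Deserialize `data` with the allowlist in force."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def try_load(data: bytes):
    """Return (True, object) on success or (False, reason) when the
    stream references a global outside the allowlist."""
    try:
        return True, restricted_loads(data)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


# Constructed sample 1: plain data, no global references at all.
BENIGN = pickle.dumps({"weights": [0.1, 0.2], "epoch": 3})

# Constructed sample 2: a harmless stdlib callable whose pickle must
# resolve `methodcaller` via find_class; the allowlist does not contain
# it, so the loader rejects the stream regardless of which module name
# (operator or _operator) the pickle carries.
METHODCALLER = pickle.dumps(operator.methodcaller("upper"))


if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("methodcaller", METHODCALLER)):
        ok, result = try_load(blob)
        print(f"{label}: {'loaded' if ok else 'rejected'} -> {result}")
```

This complements, rather than replaces, updating picklescan: an allowlist fails closed when a new bypass appears, whereas a denylist can only catch globals it already knows about. Where the data format allows it, not loading untrusted pickles at all remains the stronger control.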