CVE Catalog

CVE-2025-71376

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Summary

Picklescan before 0.0.29 fails to detect malicious pickle files, allowing attackers to embed undetected code in these files. This code can execute arbitrary commands when loaded by victims.

Risk Assessment

Organizations may be exposed to the execution of malicious code, leading to potential security breaches and data loss.

Recommendation

It is recommended to update picklescan to version 0.0.29 or later to mitigate this vulnerability.

Original NVD description (English source)

picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetch_completions in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS