CVE-2025-71322
Deferred Deferred - Pending Action

PickleScan Unsafe Globals Bypass Leads to Code Execution

Vulnerability report for CVE-2025-71322, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-17

Last updated on: 2026-06-18

Assigner: VulnCheck

Description

PickleScan before 0.0.33 fails to include the pty.spawn function in its unsafe globals list, allowing attackers to bypass security checks. Malicious actors can craft pickle payloads using pty.spawn to achieve arbitrary code execution when files are processed by PickleScan.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-17
Last Modified
2026-06-18
Generated
2026-07-08
AI Q&A
2026-06-17
EPSS Evaluated
2026-07-06
NVD
EUVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-693 The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-71322 is a vulnerability in PickleScan versions before 0.0.33 where the tool fails to include the pty.spawn function in its unsafe globals list.

This omission allows attackers to bypass PickleScan's security checks by crafting malicious pickle payloads that use pty.spawn.

When PickleScan processes files containing these payloads, arbitrary code execution can occur on the victim's system.

Impact Analysis

This vulnerability can have severe impacts including unauthorized arbitrary code execution on affected systems.

  • Attackers can bypass security restrictions in PickleScan to execute malicious code.
  • Malicious payloads can be embedded in files such as PyTorch models or ZIP archives, which when processed, compromise system confidentiality, integrity, and availability.
  • The attack requires no privileges and minimal user interaction, increasing the risk of exploitation.
Detection Guidance

Detection of this vulnerability involves identifying the use of PickleScan versions before 0.0.33 that process pickle payloads containing the pty.spawn function.

Since the vulnerability arises from malicious pickle payloads using pty.spawn to bypass unsafe globals checks, monitoring for suspicious pickle files or payloads that include pty.spawn usage is key.

Commands to detect this might include scanning files for pickle payloads that reference pty.spawn or checking the version of PickleScan installed.

  • Check PickleScan version: `picklescan --version` (ensure it is 0.0.33 or later)
  • Search for pickle files containing pty.spawn usage, for example using grep: `grep -r --include='*.pkl' 'pty.spawn' /path/to/scan`
  • Monitor logs or alerts for execution attempts involving pty.spawn within pickle processing workflows.
Compliance Impact

The vulnerability in PickleScan allows attackers to execute arbitrary code by bypassing security checks, which can lead to unauthorized access, modification, or disruption of data.

Such unauthorized actions can compromise the confidentiality, integrity, and availability of sensitive information, potentially causing non-compliance with data protection regulations like GDPR and HIPAA that require strict controls over data security and breach prevention.

However, the provided context and resources do not explicitly mention the impact of this vulnerability on compliance with specific standards or regulations.

Mitigation Strategies

The primary mitigation step is to upgrade PickleScan to version 0.0.33 or later, where the pty.spawn function is included in the unsafe globals list, preventing this bypass.

Until the upgrade is applied, avoid processing untrusted pickle files or payloads that could contain malicious pty.spawn usage.

Implement additional security controls such as sandboxing the environment where pickle files are processed to limit potential arbitrary code execution.

  • Upgrade PickleScan to version 0.0.33 or later.
  • Restrict or validate pickle files before processing, especially those from untrusted sources.
  • Use sandboxing or containerization to isolate pickle processing.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-71322. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart