CVE-2025-71323
Received Received - Intake

picklescan Remote Code Execution via ctypes Module

Vulnerability report for CVE-2025-71323, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: VulnCheck

Description

picklescan before 0.0.33 fails to block the ctypes module, allowing attackers to achieve remote code execution by invoking direct syscalls and accessing raw memory. Attackers can craft malicious pickle files using ctypes.WinDLL to load kernel32.dll and execute arbitrary commands, bypassing sandbox protections and gadget chain detection.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-17
Last Modified
2026-06-17
Generated
2026-07-08
AI Q&A
2026-06-17
EPSS Evaluated
2026-07-06
NVD
EUVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-184 The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

This vulnerability allows attackers to achieve remote code execution by bypassing sandbox protections and executing arbitrary commands, which can lead to unauthorized access and potential compromise of sensitive data.

Such unauthorized access and system compromise could result in violations of data protection regulations like GDPR and HIPAA, which require strict controls to protect personal and health information from unauthorized access and breaches.

Therefore, if exploited, this vulnerability could negatively impact an organization's compliance posture by exposing sensitive data or systems to attackers.

Executive Summary

CVE-2025-71323 is a critical vulnerability in picklescan versions before 0.0.33 where the ctypes module is not blocked as it should be. This flaw allows attackers to craft malicious pickle files that use ctypes.WinDLL to load kernel32.dll and execute arbitrary commands. Because ctypes enables direct syscalls and raw memory access, attackers can bypass sandbox protections and gadget chain detection, leading to remote code execution.

Impact Analysis

This vulnerability can have severe impacts as it allows unauthorized remote code execution on affected systems. Attackers can execute arbitrary commands, potentially compromising the entire system, bypassing security measures, and dismantling Python sandboxes. This could lead to data theft, system manipulation, or further exploitation.

Detection Guidance

This vulnerability involves malicious pickle files crafted to use the ctypes module to execute arbitrary commands by loading kernel32.dll. Detection involves monitoring for suspicious pickle files or unusual use of the ctypes module within pickle deserialization processes.

Since the vulnerability allows bypassing sandbox protections and gadget chain detection, standard detection tools may not flag these malicious pickle files. Therefore, detection should focus on identifying pickle files that import or use ctypes.WinDLL or other ctypes functions.

Suggested commands include scanning for pickle files that contain references to ctypes or kernel32.dll, for example using grep or similar tools:

  • grep -r --include='*.pickle' 'ctypes' /path/to/scan
  • grep -r --include='*.pickle' 'WinDLL' /path/to/scan
  • grep -r --include='*.pickle' 'kernel32.dll' /path/to/scan

Additionally, monitoring runtime behavior for unexpected calls to ctypes or loading of kernel32.dll during pickle deserialization can help detect exploitation attempts.

Mitigation Strategies

The primary mitigation step is to upgrade picklescan to version 0.0.33 or later, where this vulnerability has been patched.

Until the upgrade can be applied, avoid deserializing pickle files from untrusted or unauthenticated sources, as malicious pickle files can exploit this flaw to execute arbitrary code.

Implement additional sandboxing or isolation measures to restrict the execution environment of pickle deserialization processes, limiting their ability to load system libraries or execute syscalls.

Consider using alternative serialization formats that do not allow code execution, such as JSON, if possible.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-71323. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart