CVE-2025-71325
Parsing Logic Error in Picklescan Allows Malicious Pickle File Bypass

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: VulnCheck

Description
picklescan before 0.0.27 contains a parsing logic error in the _list_globals function when handling STACK_GLOBAL opcodes, failing to track arguments in the correct range and allowing malicious pickle files to bypass detection. Attackers can craft pickle files with arguments at position zero to trigger unexpected exceptions and evade security scanning.
Affected Vendors & Products
Vendor: mmaitre314
Product: picklescan
Version / Range: up to 0.0.27 (exclusive)
CWE ID: CWE-391
Description: [PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES AND CONSIDER CWE-252, CWE-248, OR CWE-1069.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed.
Executive Summary

CVE-2025-71325 is a critical vulnerability in picklescan versions before 0.0.27 caused by a parsing logic error in the _list_globals function when handling STACK_GLOBAL opcodes.

The function fails to correctly track arguments in the expected range, specifically ignoring arguments at position zero. This allows attackers to craft malicious pickle files with arguments at position zero that trigger unexpected exceptions.

As a result, these malicious pickle files evade detection by the scanner.

Impact Analysis

This vulnerability can have a significant impact by allowing attackers to bypass security scanning mechanisms that rely on picklescan.

Malicious pickle files crafted to exploit this flaw can evade detection, potentially leading to the execution of harmful or unauthorized code.

Because the vulnerability triggers unexpected exceptions during parsing, it undermines the reliability of security tools designed to detect malicious pickle files.

Given the high CVSS scores (9.3 in v4.0 and 9.8 in v3.1), this represents a severe risk to systems using vulnerable versions of picklescan.

Detection Guidance

This vulnerability affects picklescan versions before 0.0.27, specifically the _list_globals function's handling of STACK_GLOBAL opcodes. Detection involves using a version of picklescan that includes the fix for this parsing logic error.

To detect attempts to exploit this vulnerability, scan pickle files with a fixed picklescan version (0.0.27 or later). Because the vulnerability lets malicious pickle files bypass detection by triggering unexpected exceptions, an outdated picklescan version may fail to detect such files.

Suggested command to scan pickle files (assuming picklescan is installed and updated):

  • picklescan --path path/to/file.pkl

Monitoring network traffic for suspicious pickle file transfers or uploads can also help detect exploitation attempts, but no specific network commands are provided in the available resources.

Mitigation Strategies

The primary mitigation step is to upgrade picklescan to version 0.0.27 or later, which includes the fix for the parsing logic error in the _list_globals function.

The fix involves correcting the argument tracking range in the STACK_GLOBAL opcode handling loop, ensuring all arguments are properly tracked and malicious pickle files cannot bypass detection.

Additionally, avoid processing or trusting pickle files from untrusted sources, as this vulnerability allows crafted pickle files to evade detection and potentially cause unexpected exceptions.
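
The range error described above can be reproduced with a small scanner built on Python's standard pickletools module. This is an added sketch, not picklescan's own code: the function names, the first_index parameter, the shape of the walk-back loop and the harmless sample bytes are assumptions made for illustration.

```python
import pickletools

STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}
MEMO_OPS = {"MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"}

def list_globals(data, first_index=0):
    """Return {(module, name)} referenced by GLOBAL/INST/STACK_GLOBAL.

    first_index=0 walks back to the first opcode (corrected range);
    first_index=1 never inspects position zero (assumed flawed range).
    """
    ops = list(pickletools.genops(data))
    found = set()
    for n, (op, arg, _pos) in enumerate(ops):
        if op.name in ("GLOBAL", "INST"):
            module, name = arg.split(" ", 1)
            found.add((module, name))
        elif op.name == "STACK_GLOBAL":
            values = []
            # Walk backwards collecting the two string operands.
            for i in range(n - 1, first_index - 1, -1):
                prev_op, prev_arg, _ = ops[i]
                if prev_op.name in MEMO_OPS:
                    continue
                if prev_op.name not in STRING_OPS:
                    raise ValueError(f"non-string operand before op {n}")
                values.append(prev_arg)
                if len(values) == 2:
                    break
            if len(values) != 2:
                raise ValueError(f"{len(values)} operands for op {n}")
            found.add((values[1], values[0]))
    return found

def scan(data, first_index=0):
    """Fail closed: a parse error is reported, never treated as clean."""
    try:
        return {"status": "ok", "globals": list_globals(data, first_index)}
    except Exception as exc:
        return {"status": "error", "detail": str(exc)}

# Constructed, harmless sample: no PROTO/FRAME header, so the module-name
# string is opcode 0. It refers to collections.OrderedDict.
SAMPLE = b"\x8c\x0bcollections\x8c\x0bOrderedDict\x93."

if __name__ == "__main__":
    print(scan(SAMPLE, first_index=1))  # flawed range: parse error
    print(scan(SAMPLE))                 # corrected range: global listed
```

A pipeline that consumes this result should block or quarantine any file whose status is "error" instead of passing it as clean, since a scan that ends in an exception has not inspected the file.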
