CVE-2025-71340
Deferred Deferred - Pending Action

picklescan Arbitrary Code Execution via Malicious Pickle Files

Vulnerability report for CVE-2025-71340, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-25

Last updated on: 2026-06-26

Assigner: VulnCheck

Description

picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode in __reduce__ methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when the file is loaded via pickle.load(), enabling supply chain attacks on PyTorch models and saved Python objects. This is fixed in version 0.0.30.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-25
Last Modified
2026-06-26
Generated
2026-07-16
AI Q&A
2026-06-26
EPSS Evaluated
2026-07-15
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
picklescan picklescan 0.0.30

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The provided information does not specify how the CVE-2025-71340 vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

This vulnerability involves malicious pickle files that execute arbitrary code when loaded via pickle.load(), specifically exploiting the idlelib.pyshell.ModifiedInterpreter.runcode method in __reduce__ functions.

To detect this vulnerability, you should ensure you are using picklescan version 0.0.30 or later, as earlier versions (up to 0.0.26) fail to detect these malicious pickle files.

You can scan suspicious pickle files using the picklescan tool with a command like:

  • picklescan scan <path_to_pickle_file>

If you are using an older version of picklescan, upgrade it first to version 0.0.30 or later to detect these malicious files.

Additionally, monitoring network traffic or file systems for unexpected or untrusted pickle files being loaded by Python applications, especially those involving PyTorch models or saved Python objects, can help detect exploitation attempts.

Executive Summary

The vulnerability in picklescan versions through 0.0.26 involves a failure to detect malicious pickle files that use the idlelib.pyshell.ModifiedInterpreter.runcode method within their __reduce__ methods. This allows attackers to embed code in pickle files that executes arbitrary commands when the file is loaded using pickle.load().

This flaw enables supply chain attacks on PyTorch models and saved Python objects by allowing undetected malicious code execution during the deserialization process.

The issue is fixed in picklescan version 0.0.30.

Impact Analysis

This vulnerability can lead to arbitrary code execution when loading malicious pickle files, which can compromise the security of systems using picklescan to scan PyTorch models or saved Python objects.

Attackers can exploit this to perform supply chain attacks, potentially leading to unauthorized actions, data breaches, or system compromise.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade picklescan to version 0.0.30 or later, where the issue is fixed.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-71340. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart