CVE-2025-71344
picklescan Arbitrary Code Execution via ensurepip._run_pip

Publication date: 2026-06-22

Last updated on: 2026-06-22

Assigner: VulnCheck

Description
picklescan before 0.0.30 (affected versions 0.0.26 and earlier) fails to detect the built-in ensurepip._run_pip function when scanning pickle files, which allows attackers to execute arbitrary code. A malicious pickle file whose __reduce__ method references ensurepip._run_pip passes picklescan's checks undetected and achieves remote code execution as soon as the file is passed to pickle.load().
Affected Vendors & Products
Vendor       Product      Version / Range
picklescan   picklescan   before 0.0.30 (exclusive)
CWE ID    Description
CWE-502   The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Executive Summary

This vulnerability exists in picklescan versions 0.0.26 and earlier, where the tool fails to detect the built-in function ensurepip._run_pip when scanning pickle files. Attackers can embed calls to ensurepip._run_pip within the __reduce__ methods of malicious pickle files. Because picklescan does not recognize these calls, such pickle files pass the scan and execute arbitrary code when pickle.load() is invoked on them.

Impact Analysis

This vulnerability can lead to remote code execution on systems that rely on picklescan to vet pickle files before loading them. An attacker can craft a malicious pickle file that bypasses detection and executes arbitrary code when loaded, compromising the affected system's security and integrity. Versions from 0.0.30 onward detect this function; more generally, a signature-based pickle scanner can only flag the dangerous callables it knows about, so a clean scan result should not be treated as proof that a pickle file from an untrusted source is safe to load.
