CVE-2025-71344
Deferred Deferred - Pending Action

picklescan Arbitrary Code Execution via ensurepip._run_pip

Vulnerability report for CVE-2025-71344, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-22

Last updated on: 2026-06-23

Assigner: VulnCheck

Description

picklescan before 0.0.30 (affected versions 0.0.26 and earlier) fails to detect the ensurepip._run_pip built-in function when scanning pickle files, allowing attackers to execute arbitrary code. Malicious pickle files embedding ensurepip._run_pip calls in __reduce__ methods bypass picklescan detection and achieve remote code execution upon pickle.load() invocation.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-22
Last Modified
2026-06-23
Generated
2026-07-13
AI Q&A
2026-06-23
EPSS Evaluated
2026-07-11
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
picklescan picklescan to 0.0.30 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

This vulnerability involves picklescan versions 0.0.26 and earlier failing to detect malicious pickle files that embed the ensurepip._run_pip function in their __reduce__ methods. Detection involves scanning pickle files for this specific function call.

To detect this vulnerability on your system, you should verify the version of picklescan installed and scan pickle files for the presence of ensurepip._run_pip calls within __reduce__ methods.

Since picklescan versions before 0.0.30 do not detect this, upgrading to version 0.0.30 or later is recommended for accurate detection.

While no explicit commands are provided in the resources, a general approach would be to use picklescan to scan pickle files, for example:

  • Run `picklescan <pickle_file>` to scan a pickle file for malicious content.
  • Check the picklescan version with `picklescan --version` to ensure it is 0.0.30 or later.
Mitigation Strategies

The primary mitigation step is to upgrade picklescan to version 0.0.30 or later, where the detection of ensurepip._run_pip in pickle files has been fixed.

Avoid loading pickle files from untrusted or unauthenticated sources, as malicious pickle files can execute arbitrary code upon unpickling.

Review and restrict the use of pickle.load() on files that have not been verified or scanned with an updated picklescan version.

Executive Summary

This vulnerability exists in picklescan versions 0.0.26 and earlier, where the tool fails to detect the built-in function ensurepip._run_pip when scanning pickle files. Attackers can embed calls to ensurepip._run_pip within the __reduce__ methods of malicious pickle files. Because picklescan does not detect these calls, the malicious pickle files can bypass detection and execute arbitrary code remotely when the pickle.load() function is invoked.

Impact Analysis

This vulnerability can lead to remote code execution on systems that use picklescan to scan pickle files. An attacker can craft malicious pickle files that bypass detection and execute arbitrary code when loaded, potentially compromising the affected system's security and integrity.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-71344. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart