CVE-2025-71348
Pickle File RCE via Undetected Torch Config Load

Publication date: 2026-06-21

Last updated on: 2026-06-21

Assigner: VulnCheck

Description
picklescan before 0.0.28 fails to detect malicious pickle files that invoke the torch.utils._config_module.load_config function from reduce methods. Attackers can craft pickle files embedding arbitrary code that evades detection but executes during pickle.load, enabling remote code execution in supply chain attacks.
Affected Vendors & Products
Currently, no data is known.
CWE
CWE-502: The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Executive Summary

CVE-2025-71348 is a vulnerability in the picklescan library versions before 0.0.28 that fails to detect malicious pickle files crafted to exploit the torch.utils._config_module.load_config function. Attackers can embed arbitrary code within the reduce methods of these pickle files, which evades picklescan's detection but executes when the file is loaded using pickle.load(). This leads to remote code execution.

The vulnerability poses a supply chain risk because attackers can distribute malicious pickle files through machine learning models, APIs, or saved Python objects, potentially compromising systems that rely on picklescan as their only check before loading.

Compliance Impact

The provided information does not specify any direct impact of the CVE-2025-71348 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

This vulnerability can lead to remote code execution on your system if you load a malicious pickle file that bypasses picklescan's detection. Attackers can exploit this to execute arbitrary code, potentially compromising your system or network.

Since the attack vector involves supply chain attacks, malicious pickle files can be distributed through trusted sources such as machine learning models or APIs, increasing the risk of widespread impact.

Detection Guidance

This vulnerability involves malicious pickle files that evade detection by picklescan versions before 0.0.28, specifically when the pickle files invoke torch.utils._config_module.load_config within reduce methods.

To detect such files on your system, scan them with picklescan version 0.0.28 or later, which includes the patch that recognises this reference; an older version will report them as clean.

You can scan a suspicious pickle file with picklescan using a command like:

  • picklescan -p <path_to_pickle_file>

Additionally, monitor for unexpected or unauthorized use of pickle.load in your environment, especially when loading PyTorch models or objects, as this is the point where malicious code executes.

Mitigation Strategies

The immediate mitigation step is to upgrade picklescan to version 0.0.28 or later, which contains the patch to detect malicious pickle files exploiting this vulnerability.

Avoid loading pickle files from untrusted or unauthenticated sources, especially those that may contain PyTorch objects or models.

Implement strict validation and scanning of all pickle files before loading them with pickle.load to prevent remote code execution.

Consider monitoring and restricting the use of pickle.load in your environment to reduce the risk of executing malicious code embedded in pickle files.
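The detection and mitigation guidance above both come down to one control: never let pickle.load resolve a global you did not expect. The following is an added example, not picklescan's code and not part of this advisory; it shows an allowlist-based check in two layers, a static opcode walk that reports every global a pickle would import without executing it, and a restricted Unpickler that refuses anything off the same allowlist before the import happens. The allowlist, the function names (scan_pickle, restricted_loads, try_restricted_load, AllowlistUnpickler) and both sample pickles are constructed for this example; the suspicious sample only references the function named in the advisory and contains no arguments and no call, so it is inert and needs no torch install.

```python
"""Added example (not picklescan's code): allowlist-based pickle checking.

Layer 1, scan_pickle(): walk the opcode stream with pickletools.genops, which
never executes anything, and report the globals the pickle would import.
Layer 2, restricted_loads(): a pickle.Unpickler whose find_class refuses any
global not on the allowlist, so the rejection happens before the import that
pickle.load would otherwise perform.
"""
import collections
import io
import pickle
import pickletools

# Constructed allowlist: the only (module, name) pairs this loader may import.
# An allowlist fails closed, so a callable nobody thought to deny (the gap
# this CVE describes) is rejected instead of silently passed.
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
}

# Opcodes that invoke something the pickle has imported or constructed.
CALLING_OPCODES = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD"}

# String opcodes whose values feed a following STACK_GLOBAL (protocol 4+).
STRING_OPCODES = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
                  "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def scan_pickle(data: bytes) -> dict:
    """Report globals referenced, those not allowlisted, and how many calling
    opcodes appear. Handles GLOBAL (protocols 0-3) and STACK_GLOBAL (4+),
    which takes module and name from the two preceding string constants."""
    globals_seen = []
    recent_strings = []  # last two string constants seen so far
    calls = 0
    for opcode, arg, _pos in pickletools.genops(data):
        name = opcode.name
        if name in STRING_OPCODES:
            recent_strings = (recent_strings + [arg])[-2:]
        elif name == "GLOBAL":
            # pickletools renders the GLOBAL argument as "module name"
            module, attr = arg.split(" ", 1)
            globals_seen.append((module, attr))
        elif name == "STACK_GLOBAL":
            if len(recent_strings) == 2:
                globals_seen.append((recent_strings[0], recent_strings[1]))
            else:
                globals_seen.append(("<unresolved>", "<unresolved>"))
        elif name in CALLING_OPCODES:
            calls += 1
    disallowed = [g for g in globals_seen if g not in ALLOWED_GLOBALS]
    return {"globals": globals_seen, "disallowed": disallowed,
            "calls": calls, "safe": not disallowed}


class AllowlistUnpickler(pickle.Unpickler):
    """Unpickler that only resolves allowlisted globals. find_class runs
    before the module is imported, so a rejected name triggers no import."""

    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(
                f"refusing to import {module}.{name}: not allowlisted")
        return super().find_class(module, name)


def restricted_loads(data: bytes):
    return AllowlistUnpickler(io.BytesIO(data)).load()


def try_restricted_load(data: bytes):
    """Return (True, object) on success or (False, reason) when refused."""
    try:
        return True, restricted_loads(data)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


# Constructed benign sample: a real OrderedDict pickle. Protocol 4 emits
# STACK_GLOBAL for collections.OrderedDict followed by a REDUCE.
BENIGN_PICKLE = pickle.dumps(collections.OrderedDict(a=1), protocol=4)

# Constructed inert sample: a protocol-2 stream holding only a GLOBAL
# reference to the function named in the advisory, then STOP. No arguments,
# no REDUCE, so nothing is called; it exists to show the reference is caught.
SUSPICIOUS_PICKLE = (pickle.PROTO + b"\x02"
                     + pickle.GLOBAL + b"torch.utils._config_module\nload_config\n"
                     + pickle.STOP)


if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_PICKLE), ("suspicious", SUSPICIOUS_PICKLE)):
        print(label, scan_pickle(blob))
    print("restricted load:", try_restricted_load(SUSPICIOUS_PICKLE))
```

Run the static scan on files at rest (a model registry, an artifact store) and keep the restricted unpickler on the load path; the scan tells you what a file wants to import, and the unpickler guarantees that a file the scan missed still cannot resolve a global you never approved. A real deployment would widen ALLOWED_GLOBALS to the types its models actually need, and nothing more.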
