CVE-2025-71355
Received - Intake

Picklescan Numpy Global Function Bypass in Deserialization


Publication date: 2026-06-30

Last updated on: 2026-06-30

Assigner: VulnCheck

Description

Picklescan before 0.0.25 fails to detect unsafe global functions in the NumPy library, allowing attackers to bypass static analysis and execute arbitrary code during deserialization. Attackers can craft malicious pickle files that use numpy.testing._private.utils.runstring within the __reduce__ method to import dangerous libraries like os and execute arbitrary OS commands when the pickle file is loaded.


Meta Information

Published: 2026-06-30
Last Modified: 2026-06-30
Generated: 2026-07-01
AI Q&A: 2026-07-01
EPSS Evaluated: N/A

Affected Vendors & Products

Showing 1 associated CPE

Vendor: numpy
Product: numpy
Version / Range: *


Exploitability

CWE
CWE-184: The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.

Executive Summary

This vulnerability exists in Picklescan versions before 0.0.25, which fail to detect unsafe global functions in the NumPy library during static analysis.

Attackers can exploit this by crafting malicious pickle files that use numpy.testing._private.utils.runstring within the __reduce__ method to import dangerous libraries such as os.

When such a malicious pickle file is loaded, it can execute arbitrary OS commands, effectively allowing code execution during deserialization.
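
A defensive check for the gap described above, added here as an example and not Picklescan's own code: it lists every global a pickle would import, using pickletools so the file is never loaded, and rejects anything outside an allowlist instead of relying on a denylist that can be incomplete. The allowlist contents, the function names and the sample byte strings are assumptions constructed for illustration.

```python
import collections
import pickle
import pickletools

# Assumption: illustrative allowlist, not Picklescan's policy.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}

STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
              "SHORT_BINSTRING", "BINSTRING", "STRING"}
MEMO_READS = {"GET", "BINGET", "LONG_BINGET"}
UNRESOLVED = ("?", "?")  # never on the allowlist, so unknowns fail closed


def referenced_globals(data: bytes) -> set:
    """Return the (module, name) pairs a pickle imports, without loading it."""
    found, strings = set(), []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in ("GLOBAL", "INST"):
            # Text opcodes carry "module name" as one space-joined argument.
            found.add(tuple(arg.split(" ", 1)))
        elif opcode.name == "STACK_GLOBAL":
            # Protocol 4+: module and name are the two preceding string pushes.
            pair = tuple(strings[-2:])
            ok = len(pair) == 2 and None not in pair
            found.add(pair if ok else UNRESOLVED)
        elif opcode.name in STRING_OPS:
            strings.append(arg)
        elif opcode.name in MEMO_READS:
            strings.append(None)  # value comes from the memo; not tracked here
    return found


def disallowed_globals(data: bytes) -> list:
    """Globals outside the allowlist; an empty list means the file passes."""
    return sorted(referenced_globals(data) - ALLOWED_GLOBALS)


# Constructed samples. None of them is ever passed to pickle.load().
BENIGN = pickle.dumps(collections.OrderedDict(a=1), protocol=4)
# A bare GLOBAL reference to the function named in the advisory, then STOP.
FLAGGED = b"cnumpy.testing._private.utils\nrunstring\n."
# STACK_GLOBAL with no preceding strings: must not be treated as safe.
MALFORMED = b"\x80\x04\x93."

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("flagged", FLAGGED),
                        ("malformed", MALFORMED)):
        print(label, disallowed_globals(blob))
```

The STACK_GLOBAL handling is a simplification: any reference it cannot resolve from the two preceding string pushes is reported as unresolved and therefore rejected.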

Impact Analysis

This vulnerability can allow attackers to execute arbitrary code on your system when a malicious pickle file is deserialized.

Such code execution can lead to unauthorized actions, including running OS commands, which may compromise system integrity, confidentiality, and availability.
