CVE-2025-71357
Analyzed Analyzed - Analysis Complete

Remote Code Execution in Picklescan via Malicious Pickle Files

Vulnerability report for CVE-2025-71357, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-21

Last updated on: 2026-06-26

Assigner: VulnCheck

Description

picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-21
Last Modified
2026-06-26
Generated
2026-07-11
AI Q&A
2026-06-21
EPSS Evaluated
2026-07-10
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
mmaitre314 picklescan to 0.0.30 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-71357 is a vulnerability in the picklescan library versions before 0.0.30 where the tool fails to detect malicious pickle files that use the Python function idlelib.pyshell.ModifiedInterpreter.runcommand within their reduce methods.

Attackers can craft pickle files embedding malicious code that executes remote commands when these files are loaded by victims using pickle.load(). Because picklescan does not detect this dangerous function, the malicious payload bypasses security checks.

This flaw allows attackers to perform remote code execution by exploiting the deserialization process of untrusted data.

Impact Analysis

This vulnerability can lead to remote code execution on systems that use picklescan to verify pickle files before loading them.

Attackers can distribute malicious pickle files that bypass detection, potentially compromising systems by executing arbitrary commands remotely.

This poses a significant risk especially for organizations relying on picklescan to secure machine learning models, APIs, or saved Python objects, enabling supply chain attacks.

Detection Guidance

This vulnerability can be detected by scanning pickle files for the presence of the idlelib.pyshell.ModifiedInterpreter.runcommand method used in reduce methods, which picklescan versions before 0.0.30 fail to detect.

To detect this on your system, you should use picklescan version 0.0.30 or later, which includes the patch for this vulnerability.

A suggested command to scan a pickle file would be:

  • picklescan --file suspicious_pickle_file.pkl

If you are using an older version of picklescan, it is recommended to upgrade first, as earlier versions do not detect this malicious payload.

Mitigation Strategies

The immediate mitigation step is to upgrade picklescan to version 0.0.30 or later, where this vulnerability has been patched.

Additionally, avoid loading pickle files from untrusted or unauthenticated sources, as malicious code can execute upon deserialization.

Implement strict validation and scanning of pickle files before loading them in your environment.

Compliance Impact

The vulnerability CVE-2025-71357 allows attackers to execute arbitrary remote code by embedding malicious payloads in pickle files that are not detected by picklescan versions before 0.0.30. This can lead to unauthorized access or manipulation of data when such pickle files are loaded.

Such unauthorized code execution and potential data compromise can impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and prevention of unauthorized access.

Organizations relying on picklescan for security checks may be exposed to supply chain attacks or data breaches if malicious pickle files are loaded, thereby risking violations of data protection and privacy regulations.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-71357. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart