CVE-2025-71357
Received - Intake
Remote Code Execution in Picklescan via Malicious Pickle Files

Publication date: 2026-06-21

Last updated on: 2026-06-21

Assigner: VulnCheck

Description
picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in __reduce__ methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims.
Meta Information
Published: 2026-06-21
Last Modified: 2026-06-21
Generated: 2026-06-21
AI Q&A: 2026-06-21
EPSS Evaluated: N/A
Affected Vendors & Products
Currently, no data is known.
CWE ID: CWE-502
Description: The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Executive Summary

CVE-2025-71357 is a vulnerability in picklescan versions before 0.0.30: the tool fails to detect malicious pickle files that reference the standard-library method idlelib.pyshell.ModifiedInterpreter.runcommand in their __reduce__ methods.

Attackers can craft pickle files embedding malicious code that executes remote commands when these files are loaded by victims using pickle.load(). Because affected versions of picklescan do not flag this dangerous callable, the malicious payload bypasses the scan.

The result is remote code execution through deserialization of untrusted data.

Impact Analysis

This vulnerability can lead to remote code execution on systems that use picklescan to verify pickle files before loading them.

Attackers can distribute malicious pickle files that bypass detection, potentially compromising systems by executing arbitrary commands remotely.

The risk is significant for organizations that rely on picklescan to vet machine learning models, APIs, or saved Python objects, because an undetected file enables supply chain attacks.

Detection Guidance

This vulnerability can be detected by scanning pickle files for references to idlelib.pyshell.ModifiedInterpreter.runcommand in __reduce__ methods, which picklescan versions before 0.0.30 fail to detect.

To detect this on your system, you should use picklescan version 0.0.30 or later, which includes the patch for this vulnerability.

A suggested command to scan a pickle file would be:

  • picklescan --path suspicious_pickle_file.pkl

If you are using an older version of picklescan, it is recommended to upgrade first, as earlier versions do not detect this malicious payload.
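
One way to perform the check described above without loading the file, as an added example (not picklescan's code and not part of the original advisory): it walks the opcode stream with the standard-library pickletools.genops and reports any import under idlelib.pyshell. The denylist, the function names and the sample byte strings are assumptions constructed for illustration.

```python
import collections
import pickle
import pickletools

# Assumption for this example: a denylist holding only the module named in the advisory.
DENYLIST = ("idlelib.pyshell",)
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}
PUT_OPS = {"PUT", "BINPUT", "LONG_BINPUT"}
GET_OPS = {"GET", "BINGET", "LONG_BINGET"}

def imported_globals(data: bytes):
    """List (module, name) pairs a pickle would import; the stream is parsed, never loaded."""
    found, strings, memo, top = [], [], {}, None
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            top = arg
            strings.append(arg)
        elif op.name == "MEMOIZE":
            memo[len(memo)] = top
        elif op.name in PUT_OPS:
            memo[arg] = top
        elif op.name in GET_OPS:
            top = memo.get(arg)  # None when the memo slot is not a tracked string
            strings.append(top)
        else:
            top = None
            if op.name in ("GLOBAL", "INST"):
                found.append(tuple(arg.split(" ", 1)))
            elif op.name == "STACK_GLOBAL":
                # Protocol 4+: module and name are the two most recent string pushes.
                pair = tuple(strings[-2:])
                found.append(pair if len(pair) == 2 and None not in pair else ("?", "?"))
    return found

def flagged(data: bytes):
    """Return imports that match the denylist or could not be resolved statically."""
    return [(m, n) for m, n in imported_globals(data)
            if m == "?" or f"{m}.{n}.".startswith(tuple(d + "." for d in DENYLIST))]

def short_unicode(s: str) -> bytes:  # SHORT_BINUNICODE opcode, one-byte length, UTF-8 text
    return b"\x8c" + bytes([len(s)]) + s.encode()

# Constructed byte strings: they hold only the import reference, no call and no arguments.
SAMPLE_P0 = b"cidlelib.pyshell\nModifiedInterpreter.runcommand\n."
SAMPLE_P4 = (b"\x80\x04" + short_unicode("idlelib.pyshell")
             + short_unicode("ModifiedInterpreter.runcommand") + b"\x93.")
BENIGN = pickle.dumps(collections.OrderedDict(a=1), protocol=4)

if __name__ == "__main__":
    print({k: flagged(v) for k, v in (("p0", SAMPLE_P0), ("p4", SAMPLE_P4), ("benign", BENIGN))})
```

An import that cannot be resolved statically is reported as ("?", "?") and should be treated as a failed scan, not a clean one.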

Mitigation Strategies

The immediate mitigation step is to upgrade picklescan to version 0.0.30 or later, where this vulnerability has been patched.

Additionally, avoid loading pickle files from untrusted or unauthenticated sources, as malicious code can execute upon deserialization.

Implement strict validation and scanning of pickle files before loading them in your environment.

Compliance Impact

The vulnerability CVE-2025-71357 allows attackers to execute arbitrary remote code by embedding malicious payloads in pickle files that are not detected by picklescan versions before 0.0.30. This can lead to unauthorized access or manipulation of data when such pickle files are loaded.

Such unauthorized code execution and potential data compromise can impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and prevention of unauthorized access.

Organizations relying on picklescan for security checks may be exposed to supply chain attacks or data breaches if malicious pickle files are loaded, thereby risking violations of data protection and privacy regulations.
