CVE-2025-71361
Received Received - Intake
Remote Code Execution in Picklescan via Malicious Pickle Files

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: VulnCheck

Description
picklescan before 0.0.29 fails to detect malicious idlelib.calltip.Calltip.fetch_tip calls in pickle files, allowing remote code execution. Attackers can embed undetected payloads in pickle files that execute arbitrary code when loaded via pickle.load().
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-24
Last Modified
2026-06-24
Generated
2026-06-24
AI Q&A
2026-06-24
EPSS Evaluated
N/A
NVD
CVE-2025-71361
EUVD
EUVD-2025-210328
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
picklescan picklescan to 0.0.29 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-95 The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability allows attackers to execute arbitrary code remotely when a malicious pickle file is loaded using pickle.load().

Such remote code execution can lead to unauthorized system commands being run, potentially compromising the affected system.

It poses a supply chain risk, as infected pickle files could be distributed through machine learning models, APIs, or saved Python objects, affecting users who load these files.

Executive Summary

CVE-2025-71361 is a vulnerability in the picklescan library versions before 0.0.29 where the tool fails to detect malicious payloads embedded in Python pickle files.

The flaw involves the use of the Python function idlelib.calltip.Calltip.fetch_tip, which can be exploited via the __reduce__ method in a crafted pickle file to execute arbitrary remote code when the pickle file is loaded.

Attackers can embed undetected payloads that execute commands on the victim's system, bypassing picklescan's detection mechanisms.

Detection Guidance

This vulnerability involves malicious payloads embedded in pickle files that execute arbitrary code when loaded via pickle.load(). Detection involves identifying pickle files that contain calls to idlelib.calltip.Calltip.fetch_tip, which picklescan versions before 0.0.29 fail to detect.

To detect this on your system, you can scan pickle files for suspicious __reduce__ method calls or specifically for the presence of idlelib.calltip.Calltip.fetch_tip usage.

While no explicit commands are provided in the resources, a practical approach includes:

  • Use an updated version of picklescan (>=0.0.29) to scan pickle files for malicious payloads.
  • Manually inspect pickle files with Python scripts that attempt to safely analyze the pickle contents without executing them, looking for references to idlelib.calltip.Calltip.fetch_tip.
  • Monitor network traffic for suspicious pickle file transfers, especially those that might contain serialized Python objects.
Mitigation Strategies

The primary mitigation step is to update picklescan to version 0.0.29 or later, where this vulnerability has been patched.

Additionally, avoid loading pickle files from untrusted or unauthenticated sources, as they may contain malicious payloads that execute arbitrary code.

Implement strict validation and scanning of pickle files before loading them in your environment.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-71361. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart