CVE-2025-71361
Deferred Deferred - Pending Action

Remote Code Execution in Picklescan via Malicious Pickle Files

Vulnerability report for CVE-2025-71361, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: VulnCheck

Description

picklescan before 0.0.29 fails to detect malicious idlelib.calltip.Calltip.fetch_tip calls in pickle files, allowing remote code execution. Attackers can embed undetected payloads in pickle files that execute arbitrary code when loaded via pickle.load().

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-24
Last Modified
2026-06-24
Generated
2026-07-14
AI Q&A
2026-06-24
EPSS Evaluated
2026-07-13
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
picklescan picklescan to 0.0.29 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-95 The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Impact Analysis

This vulnerability allows attackers to execute arbitrary code remotely when a malicious pickle file is loaded using pickle.load().

Such remote code execution can lead to unauthorized system commands being run, potentially compromising the affected system.

It poses a supply chain risk, as infected pickle files could be distributed through machine learning models, APIs, or saved Python objects, affecting users who load these files.

Executive Summary

CVE-2025-71361 is a vulnerability in the picklescan library versions before 0.0.29 where the tool fails to detect malicious payloads embedded in Python pickle files.

The flaw involves the use of the Python function idlelib.calltip.Calltip.fetch_tip, which can be exploited via the __reduce__ method in a crafted pickle file to execute arbitrary remote code when the pickle file is loaded.

Attackers can embed undetected payloads that execute commands on the victim's system, bypassing picklescan's detection mechanisms.

Detection Guidance

This vulnerability involves malicious payloads embedded in pickle files that execute arbitrary code when loaded via pickle.load(). Detection involves identifying pickle files that contain calls to idlelib.calltip.Calltip.fetch_tip, which picklescan versions before 0.0.29 fail to detect.

To detect this on your system, you can scan pickle files for suspicious __reduce__ method calls or specifically for the presence of idlelib.calltip.Calltip.fetch_tip usage.

While no explicit commands are provided in the resources, a practical approach includes:

  • Use an updated version of picklescan (>=0.0.29) to scan pickle files for malicious payloads.
  • Manually inspect pickle files with Python scripts that attempt to safely analyze the pickle contents without executing them, looking for references to idlelib.calltip.Calltip.fetch_tip.
  • Monitor network traffic for suspicious pickle file transfers, especially those that might contain serialized Python objects.
Mitigation Strategies

The primary mitigation step is to update picklescan to version 0.0.29 or later, where this vulnerability has been patched.

Additionally, avoid loading pickle files from untrusted or unauthenticated sources, as they may contain malicious payloads that execute arbitrary code.

Implement strict validation and scanning of pickle files before loading them in your environment.

Compliance Impact

The provided information does not specify how CVE-2025-71361 affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-71361. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart