CVE-2025-71365
Status: Deferred - Pending Action
Picklescan Remote Code Execution via Numpy F2PY Crackfortran

Publication date: 2026-06-23

Last updated on: 2026-06-23

Assigner: VulnCheck

Description
picklescan before 0.0.33 fails to detect malicious pickle files that invoke the numpy.f2py.crackfortran.myeval function through the `__reduce__` method. Attackers can craft malicious pickle files embedding arbitrary code that evades picklescan detection and executes remote code when loaded.
Meta Information
Published: 2026-06-23
Last Modified: 2026-06-23
Generated: 2026-06-23
AI Q&A: 2026-06-23
EPSS Evaluated: N/A
Affected Vendors & Products
Currently, no data is known.
CWE ID: CWE-502
Description: The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Executive Summary

This vulnerability affects picklescan versions before 0.0.33, where the tool fails to detect malicious pickle files that exploit the numpy.f2py.crackfortran.myeval function. Attackers can craft pickle files that reference this function through the `__reduce__` method, which picklescan does not detect. When such a malicious pickle file is loaded, the embedded code executes, giving the attacker remote code execution.

Impact Analysis

If you use picklescan to scan pickle files, such as PyTorch models, this vulnerability allows attackers to bypass detection and execute arbitrary code on your system remotely. This can lead to unauthorized control, data compromise, or disruption of services.

Detection Guidance

This vulnerability involves malicious pickle files that evade detection by picklescan versions before 0.0.33, specifically those embedding the numpy.f2py.crackfortran.myeval function via the `__reduce__` method.

To detect this vulnerability, you should ensure you are using picklescan version 0.0.33 or later, as earlier versions fail to detect these malicious pickle files.

Since the vulnerability is related to deserialization of malicious pickle files, detection can involve scanning pickle files for suspicious use of the `__reduce__` method or the numpy.f2py.crackfortran.myeval function.

Specific commands are not provided in the available resources, but general detection steps include:

  • Update picklescan to version 0.0.33 or later and scan all pickle files using it.
  • Manually inspect pickle files for suspicious payloads involving numpy.f2py.crackfortran.myeval or unusual `__reduce__` method usage.
  • Monitor systems for unexpected code execution triggered by loading pickle files.
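
The manual inspection step above can be done without ever unpickling the file, by walking the opcode stream with the standard library's `pickletools.genops`. The following is an added example, not picklescan's own code; the names `inspect_pickle`, `FLAGGED_PREFIX` and the sample byte strings are hypothetical, and the samples are constructed and inert (empty argument tuple).

```python
import collections
import pickle
import pickletools

# The CVE names numpy.f2py.crackfortran.myeval; flagging the whole numpy.f2py
# package is a choice made for this example.
FLAGGED_PREFIX = "numpy.f2py"
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}
CALL_OPS = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX"}


def inspect_pickle(data: bytes) -> dict:
    """Walk the opcode stream without unpickling anything."""
    imports, strings, calls = [], [], 0
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            strings.append(arg)
        elif op.name in ("GLOBAL", "INST"):
            # pickletools reports these as "module name" in one string
            module, _, name = arg.partition(" ")
            imports.append((module, name))
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
            # Simplification: assume the two latest string pushes are the operands
            imports.append((strings[-2], strings[-1]))
        if op.name in CALL_OPS:
            calls += 1  # opcodes that invoke a callable at load time
    hits = [i for i in imports
            if i[0] == FLAGGED_PREFIX or i[0].startswith(FLAGGED_PREFIX + ".")]
    return {"imports": imports, "calls": calls, "hits": hits}


def _short_str(s: str) -> bytes:
    return b"\x8c" + bytes([len(s)]) + s.encode()  # SHORT_BINUNICODE opcode


# Constructed samples for the scanner only; never pass them to pickle.load.
SAMPLE_P0 = b"cnumpy.f2py.crackfortran\nmyeval\n)R."        # GLOBAL form
SAMPLE_P4 = (b"\x80\x04" + _short_str("numpy.f2py.crackfortran")
             + _short_str("myeval") + b"\x93)R.")            # STACK_GLOBAL form
BENIGN_DATA = pickle.dumps({"weights": [1, 2, 3]}, protocol=4)
BENIGN_CLASS = pickle.dumps(collections.OrderedDict, protocol=4)

if __name__ == "__main__":
    for label, blob in [("p0", SAMPLE_P0), ("p4", SAMPLE_P4),
                        ("data", BENIGN_DATA), ("class", BENIGN_CLASS)]:
        print(label, inspect_pickle(blob))
```

A file with any entry in `hits`, or with imports you do not expect alongside a non-zero `calls` count, should be treated as untrusted and not loaded.
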
Mitigation Strategies

Immediate mitigation steps include upgrading picklescan to version 0.0.33 or later, which addresses the detection bypass vulnerability.

Avoid loading pickle files from untrusted or unauthenticated sources, as the vulnerability allows remote code execution when malicious pickle files are loaded.

Implement strict validation and scanning of pickle files before loading them into your systems.

Consider monitoring and restricting the use of deserialization functions in your environment to reduce the risk of exploitation.
