CVE-2025-71376
Deferred - Pending Action
Pickle File Command Injection in Picklescan

Publication date: 2026-06-23

Last updated on: 2026-06-23

Assigner: VulnCheck

Description
picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetch_completions in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims.
Affected Vendors & Products
Currently, no data is known.
CWE
CWE-502: The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Compliance Impact

The vulnerability allows attackers to execute arbitrary code by embedding malicious commands in pickle files that are not detected by picklescan before version 0.0.29. This can lead to unauthorized access or manipulation of sensitive data when such pickle files are loaded.

Such unauthorized code execution and potential data breaches could impact compliance with data protection regulations like GDPR and HIPAA, which require organizations to protect personal and sensitive information from unauthorized access and ensure data integrity.

Organizations relying on picklescan for security checks may be at risk of supply chain attacks or data compromise if they use vulnerable versions, potentially leading to violations of these standards.

Executive Summary

CVE-2025-71376 is a vulnerability in picklescan versions before 0.0.29 where the tool fails to detect malicious pickle files that use the Python function idlelib.autocomplete.AutoComplete.fetch_completions in their reduce methods.

Attackers can embed malicious code inside these pickle files, which then executes arbitrary commands when the pickle files are loaded by victims. This happens because picklescan does not recognize this function as a security risk during its safety checks, allowing the malicious code to bypass detection.

Impact Analysis

This vulnerability can lead to remote code execution when a victim loads a malicious pickle file that exploits the detection gap in picklescan.

  • Attackers can execute arbitrary commands on the victim's system.
  • It can be used in supply chain attacks by distributing infected pickle files through machine learning models, APIs, or saved Python objects.
  • Any organization or individual relying on picklescan for security is at risk of having malicious code executed unknowingly.

Detection Guidance

This vulnerability involves malicious pickle files that use the idlelib.autocomplete.AutoComplete.fetch_completions method in their reduce methods, which picklescan versions before 0.0.29 fail to detect.

To detect pickle files that use this pattern, scan them with picklescan version 0.0.29 or later; earlier versions do not flag it.

A suggested command to scan a pickle file would be:

  • picklescan your_pickle_file.pkl

Ensure that you have updated picklescan to version 0.0.29 or later before running the scan, as earlier versions will not detect this vulnerability.
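
As an independent cross-check, the import references inside a pickle can be listed statically with the standard library's pickletools, without ever loading the file. The following is an added example, not picklescan's code and not part of the original advisory; the function names, the SUSPECT_PACKAGES set and the sample byte strings are assumptions made for illustration, and the samples are constructed so that they contain only an import reference and no call.

```python
import collections
import pickle
import pickletools

# Opcodes that push a string which STACK_GLOBAL may later consume.
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
              "STRING", "BINSTRING", "SHORT_BINSTRING"}
# Assumption of this example: flag the package named in the advisory.
SUSPECT_PACKAGES = {"idlelib"}

def imported_globals(data):
    """List (module, name) pairs a pickle would import, without loading it."""
    found, strings = [], []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in STRING_OPS:
            strings.append(str(arg))
        elif opcode.name in ("GLOBAL", "INST"):
            module, _, name = arg.partition(" ")
            found.append((module, name))
        elif opcode.name == "STACK_GLOBAL":
            # Heuristic: module and name are the two most recent string pushes.
            # Anything else (e.g. values fetched from the memo) is unresolved.
            pair = tuple(strings[-2:]) if len(strings) >= 2 else ("?", "?")
            found.append(pair)
    return found

def suspicious(data):
    """Return imports from a suspect package, plus any unresolved import."""
    return [(m, n) for m, n in imported_globals(data)
            if m == "?" or m.split(".")[0] in SUSPECT_PACKAGES]

def short(s):
    """Encode a SHORT_BINUNICODE push (opcode 0x8c, 1-byte length)."""
    return b"\x8c" + bytes([len(s)]) + s.encode()

# Constructed samples: each holds only an import reference and STOP, no call.
TARGET = ("idlelib.autocomplete", "AutoComplete.fetch_completions")
SAMPLE_PROTO2 = b"\x80\x02c" + "\n".join(TARGET).encode() + b"\n."
SAMPLE_PROTO4 = b"\x80\x04" + short(TARGET[0]) + short(TARGET[1]) + b"\x93."
BENIGN = pickle.dumps(collections.OrderedDict(a=1), protocol=4)

if __name__ == "__main__":
    for label, blob in [("proto2", SAMPLE_PROTO2), ("proto4", SAMPLE_PROTO4),
                        ("benign", BENIGN)]:
        print(label, suspicious(blob) or "no suspect imports")
```

Treat an unresolved ("?", "?") entry as a reason to reject the file rather than as a pass, since this sketch does not model the pickle memo.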

Mitigation Strategies

The immediate mitigation step is to upgrade picklescan to version 0.0.29 or later, where this vulnerability has been patched.

Additionally, avoid loading pickle files from untrusted or unauthenticated sources, as malicious code can execute upon deserialization.

Consider implementing additional security controls such as sandboxing the environment where pickle files are loaded or using alternative safer serialization formats.
