CVE-2025-71342
Status: Received - Intake

Picklescan Arbitrary Code Execution via Malicious Pickle Files

Vulnerability report for CVE-2025-71342, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-04

Last updated on: 2026-07-04

Assigner: VulnCheck

Description

picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.run.Executive.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes during pickle.load, enabling remote code execution in PyTorch models and supply chain attacks.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published: 2026-07-04
Last Modified: 2026-07-04
Generated: 2026-07-04
AI Q&A: 2026-07-04
EPSS Evaluated: N/A
External references: NVD, EUVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
KEV
CWE-502: The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Attack-Flow Graph

Detection Guidance

This vulnerability involves malicious pickle files that use the idlelib.run.Executive.runcode method in reduce functions, which picklescan versions before 0.0.30 fail to detect.

To detect malicious pickle files of this kind, scan them with picklescan version 0.0.30 or later; earlier versions do not flag this pattern.

A typical command to scan a pickle file would be:

  • picklescan path/to/file.pkl

If picklescan reports a file as safe but you are running a version before 0.0.30, the file may still be malicious, so upgrading picklescan is critical.

Executive Summary

CVE-2025-71342 is a vulnerability in the picklescan library, affecting versions before 0.0.30. The issue arises because picklescan fails to detect malicious pickle files that use the Python function idlelib.run.Executive.runcode within reduce methods.

Attackers can exploit this flaw by embedding malicious code in pickle files that executes during the pickle.load operation. This allows remote code execution, particularly affecting PyTorch models and enabling supply chain attacks.

Impact Analysis

This vulnerability can lead to remote code execution when a malicious pickle file is loaded after passing picklescan's detection.

The impact includes the risk of attackers executing arbitrary code on your system, compromising PyTorch models, and enabling supply chain attacks through maliciously crafted pickle files distributed via machine learning models, APIs, or saved Python objects.

Mitigation Strategies

The primary mitigation step is to upgrade picklescan to version 0.0.30 or later, which includes detection for malicious pickle files using idlelib.run.Executive.runcode.

Additionally, avoid loading pickle files from untrusted sources using pickle.load(), as this can lead to remote code execution.

Implement strict validation and scanning of all pickle files before loading them in your environment, especially those used in PyTorch models or supplied through APIs.
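The detection guidance and the mitigation steps above come down to the same two controls: scan a pickle before loading it, and never let pickle.load resolve arbitrary globals. The following is an added example, not picklescan's or the advisory's own code, that implements both with only the Python standard library: a static walk of the opcode stream that lists every global the file would import without executing anything, a default-deny Unpickler.find_class allowlist that refuses everything else at load time (which covers the idlelib.run globals this CVE concerns without having to enumerate them), and a small helper that tells whether a picklescan version string is at or past 0.0.30. The allowlist contents, the function names and the sample pickles are my assumptions and constructions; nothing here reproduces picklescan's internals.

```python
"""Added example (not picklescan's or the advisory's code): defensive
pre-load checks for pickle files using only the standard library.

1. list_globals(): statically disassembles a pickle with pickletools and
   returns every (module, name) the stream would import; nothing executes.
2. safe_load(): loads through a RestrictedUnpickler whose find_class() is
   default-deny, so any global outside the allowlist raises instead of
   being resolved.
3. picklescan_is_patched(): whether a picklescan version string is 0.0.30
   or later, i.e. whether its verdict can be trusted for this CVE.
"""
import collections
import io
import pickle
import pickletools

# Hypothetical allowlist for this example: the only globals the restricted
# loader may resolve. Empty by default; extend it deliberately per format.
DEFAULT_ALLOWED: frozenset[tuple[str, str]] = frozenset()

# picklescan version that the advisory names as adding the detection.
PATCHED_VERSION = (0, 0, 30)

# Opcodes that push a string which a later STACK_GLOBAL may consume.
_STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
               "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def list_globals(data: bytes) -> list[tuple[str, str]]:
    """Return (module, name) pairs referenced by GLOBAL, INST or STACK_GLOBAL.

    Static only: nothing is imported or executed. STACK_GLOBAL takes its
    operands from the two most recent string pushes, which is what the
    standard pickler emits; a hand-crafted stream could route the operands
    through the memo instead, so treat this as a pre-check, not the only gate.
    """
    found: list[tuple[str, str]] = []
    recent: list[str] = []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in ("GLOBAL", "INST"):
            module, name = arg.split(" ", 1)   # pickletools joins the pair with a space
            found.append((module, name))
        elif opcode.name == "STACK_GLOBAL":
            if len(recent) < 2:
                raise pickle.UnpicklingError("STACK_GLOBAL without string operands")
            found.append((recent[-2], recent[-1]))
        elif opcode.name in _STRING_OPS:
            recent = (recent + [arg])[-2:]
    return found


def find_disallowed(data: bytes, allowed=DEFAULT_ALLOWED) -> list[tuple[str, str]]:
    """Globals the stream references that are not on the allowlist."""
    return [g for g in list_globals(data) if g not in allowed]


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler whose find_class() refuses every global not explicitly allowed.

    find_class() is the single choke point through which GLOBAL/STACK_GLOBAL
    (and therefore every REDUCE callable) is resolved, so denying here stops
    a payload before any attacker-chosen callable exists in the process.
    """

    def __init__(self, stream, allowed):
        super().__init__(stream)
        self._allowed = allowed

    def find_class(self, module, name):
        if (module, name) in self._allowed:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def safe_load(data: bytes, allowed=DEFAULT_ALLOWED):
    """Static pre-check, then a restricted load; raises UnpicklingError on a miss."""
    bad = find_disallowed(data, allowed)
    if bad:
        raise pickle.UnpicklingError(f"refusing to load, disallowed globals: {bad}")
    return RestrictedUnpickler(io.BytesIO(data), allowed).load()


def load_is_refused(data: bytes, allowed=DEFAULT_ALLOWED) -> bool:
    """True if safe_load() rejects the stream (useful as a CI gate)."""
    try:
        safe_load(data, allowed)
    except pickle.UnpicklingError:
        return True
    return False


def picklescan_is_patched(version: str) -> bool:
    """True if a picklescan version string is 0.0.30 or later.

    Naive numeric compare of the first three dotted components; pre-release
    suffixes such as "0.0.30rc1" are not handled and raise ValueError.
    """
    parts = tuple(int(p) for p in version.split(".")[:3])
    return parts >= PATCHED_VERSION


# Constructed sample inputs for this example (not files from the advisory).
# A plain dict of floats: references no globals, so it loads under an empty allowlist.
BENIGN_PICKLE = pickle.dumps({"weights": [1.0, 2.0], "epoch": 3}, protocol=4)
# Hand-assembled protocol-2 stream: GLOBAL collections.OrderedDict, (), REDUCE, STOP.
# Harmless, but outside the allowlist, so it exercises the GLOBAL path.
ORDERED_P2 = b"\x80\x02ccollections\nOrderedDict\n)R."
# The same object written by the standard pickler at protocol 4, which emits
# SHORT_BINUNICODE pushes followed by STACK_GLOBAL.
ORDERED_P4 = pickle.dumps(collections.OrderedDict(), protocol=4)

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN_PICKLE), ("ordered-p2", ORDERED_P2),
                        ("ordered-p4", ORDERED_P4)]:
        print(label, "globals:", list_globals(blob), "refused:", load_is_refused(blob))
    print("picklescan 0.0.29 patched?", picklescan_is_patched("0.0.29"))
```

The static listing plays the same role as a scanner pass and is cheap to run over every artifact in a pipeline, but it is the default-deny find_class that is the hard stop: it is consulted for every global the unpickler resolves, however the stream encodes it, so a reduce callable the scanner missed still cannot be resolved. Keep running an up-to-date picklescan (0.0.30 or later) alongside it rather than instead of it.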

Compliance Impact

The vulnerability allows attackers to execute code remotely by embedding malicious code in pickle files that picklescan versions before 0.0.30 do not detect. This can lead to unauthorized access to, or manipulation of, data when these pickle files are loaded.

Such unauthorized code execution and potential data compromise could impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding sensitive data and ensuring system integrity.

Specifically, the risk of supply chain attacks and remote code execution could lead to breaches of confidentiality and integrity, which are critical compliance requirements under these standards.
