CVE-2025-71345
Status: Received - Intake

Picklescan Remote Code Execution via Undetected Malicious Pickle Files

Vulnerability report for CVE-2025-71345, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-04

Last updated on: 2026-07-04

Assigner: VulnCheck

Description

picklescan before 0.0.30 fails to detect malicious pickle files that invoke the torch.utils.bottleneck.__main__.run_autograd_prof function. Attackers can embed undetected code in pickle files that executes during deserialization, enabling remote code execution.

Meta Information

Published
2026-07-04
Last Modified
2026-07-04
Generated
2026-07-04
AI Q&A
2026-07-04
EPSS Evaluated
N/A

Affected Vendors & Products

Currently, no data is known.

Exploitability

CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

KEV: no entry

Executive Summary

CVE-2025-71345 is a vulnerability in picklescan versions before 0.0.30 that fails to detect malicious pickle files invoking the PyTorch function torch.utils.bottleneck.__main__.run_autograd_prof.

Attackers can embed malicious code in these pickle files that executes during deserialization, allowing arbitrary remote code execution.

This occurs because picklescan's detection logic did not flag references to this specific function, so a pickle that invokes it passes the scan and runs the embedded code when the pickle is loaded.

Impact Analysis

This vulnerability can lead to remote code execution on systems that use picklescan to verify pickle files before loading them.

Attackers can craft malicious pickle files that bypass picklescan detection and execute arbitrary code when deserialized, potentially compromising the affected system.

It poses a supply chain risk, especially for organizations or individuals relying on picklescan to check PyTorch models, APIs, or saved Python objects, as infected pickle files could be distributed and executed unknowingly.

Detection Guidance

This vulnerability involves malicious pickle files that invoke the function torch.utils.bottleneck.__main__.run_autograd_prof, which picklescan versions before 0.0.30 fail to detect.

To detect this vulnerability, you should scan pickle files using picklescan version 0.0.30 or later, as earlier versions do not detect this malicious invocation.

A typical command to scan a pickle file would be:

    picklescan path/to/your_pickle_file.pkl

If you are using an older version of picklescan, it may not detect the malicious payload. Therefore, ensure your picklescan tool is updated before scanning.

Mitigation Strategies

The primary mitigation step is to update picklescan to version 0.0.30 or later, which includes detection for this specific malicious pickle payload.

Additionally, avoid loading pickle files from untrusted or unauthenticated sources, especially those that may invoke PyTorch functions during deserialization.

Consider implementing strict validation and scanning of all pickle files before deserialization to prevent remote code execution.
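The strict validation the mitigation section calls for, as an added example that is not part of this advisory or of picklescan: it walks a pickle's opcode stream with the standard library's pickletools without executing anything, reports every referenced global that is not on an allowlist, and enforces the same allowlist at load time through find_class. The allowlist entries, the benign sample and the protocol-2 sample that merely names the function from the advisory are all constructed for this example; only the Python 3 standard library is assumed.

```python
import collections
import io
import pickle
import pickletools

# Constructed allowlist for this example: the only globals a trusted model file may resolve.
# A denylist can miss a name (the gap behind this advisory); an allowlist has no such gap.
ALLOWED = {"collections.OrderedDict", "torch._utils._rebuild_tensor_v2",
           "torch.FloatStorage", "numpy.core.multiarray._reconstruct"}

def referenced_globals(data: bytes) -> list:
    """(module, name) pairs the pickle would import, read from the opcode stream."""
    refs, strings, memo, top = [], [], {}, None
    for op, arg, _pos in pickletools.genops(data):       # parses only, executes nothing
        if op.name == "GLOBAL":                            # protocols 0-3: "module name"
            refs.append(tuple(arg.split(" ", 1))); top = None
        elif op.name == "STACK_GLOBAL":                    # protocol 4+: two strings on stack
            if len(strings) < 2:
                raise pickle.UnpicklingError("malformed STACK_GLOBAL")
            name, module = strings.pop(), strings.pop()
            refs.append((module, name)); top = None
        elif op.name.endswith(("STRING", "UNICODE", "UNICODE8")):
            strings.append(arg); top = arg
        elif op.name in ("GET", "BINGET", "LONG_BINGET"):   # memo lookup may re-push a string
            top = memo.get(arg)
            if isinstance(top, str):
                strings.append(top)
        elif op.name in ("MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"):
            memo[len(memo) if arg is None else arg] = top  # MEMOIZE carries no index
        else:
            top = None
    return refs

def audit(data: bytes) -> list:
    """Fully qualified globals the pickle references that are not allowlisted."""
    return [f"{m}.{n}" for m, n in referenced_globals(data) if f"{m}.{n}" not in ALLOWED]

class AllowlistUnpickler(pickle.Unpickler):
    """Load-time enforcement: refuse to resolve any global outside the allowlist."""
    def find_class(self, module, name):
        if f"{module}.{name}" not in ALLOWED:
            raise pickle.UnpicklingError(f"global {module}.{name} is not allowlisted")
        return super().find_class(module, name)

def load_if_clean(data: bytes):
    """Static audit first (no code runs), then an allowlist-enforcing load."""
    bad = audit(data)
    if bad:
        raise pickle.UnpicklingError(f"refusing to load, unexpected globals: {bad}")
    return AllowlistUnpickler(io.BytesIO(data)).load()

# Constructed samples: a benign protocol-4 pickle, and a protocol-2 pickle whose GLOBAL
# opcode names the function from the advisory. The second is audited, never loaded.
BENIGN_SAMPLE = pickle.dumps(collections.OrderedDict(w=[1.0]), protocol=4)
MALICIOUS_SAMPLE = b"\x80\x02ctorch.utils.bottleneck.__main__\nrun_autograd_prof\n."
```

The static audit is what a scanner in a model-ingestion pipeline can run without loading the file; the unpickler subclass is the belt-and-braces control for code that has to load it anyway.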

Compliance Impact

CVE-2025-71345 allows remote code execution through malicious pickle files that bypass detection in picklescan versions before 0.0.30. This vulnerability poses a supply chain risk by enabling attackers to distribute infected pickle files via machine learning models, APIs, or saved Python objects.

Such unauthorized code execution can lead to unauthorized access, data breaches, or manipulation of sensitive data, which may impact compliance with data protection regulations like GDPR and HIPAA that require safeguarding personal and sensitive information.

Organizations relying on picklescan for security in their ML workflows or Python object handling should update to version 0.0.30 or later to mitigate this risk and help maintain compliance with these standards.
