CVE-2025-71347
Status: Received - Intake

picklescan Arbitrary Code Execution via Malicious Pickle Files

Vulnerability report for CVE-2025-71347, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-04

Last updated on: 2026-07-04

Assigner: VulnCheck

Description

picklescan before 0.0.33 fails to detect malicious pickle files that use the numpy.f2py.crackfortran.param_eval function in reduce methods, allowing attackers to bypass its security checks. Remote attackers can embed undetected code in pickle files that executes during deserialization, enabling arbitrary code execution in applications that load untrusted pickle data.

CVSS Scores

EPSS Scores


Meta Information

Published: 2026-07-04
Last Modified: 2026-07-04
Generated: 2026-07-04
AI Q&A: 2026-07-04
EPSS Evaluated: N/A

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE

CWE-502: The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Executive Summary

This vulnerability affects picklescan versions before 0.0.33, where the scanner fails to detect malicious pickle files that reference the numpy.f2py.crackfortran.param_eval function within reduce methods.

Attackers can craft pickle files embedding malicious code that bypasses picklescan's security checks. When these pickle files are deserialized using pickle.load(), the embedded code executes, allowing remote code execution.

The attack uses the pickle reduce mechanism (an object's __reduce__ output, replayed on load) to call param_eval, which can run arbitrary commands on the victim's system.

Impact Analysis

If you rely on picklescan to verify pickle files before loading them, this vulnerability allows attackers to bypass those checks and execute arbitrary code on your system.

  • Remote attackers can embed malicious payloads in pickle files that execute during deserialization.
  • This can lead to remote code execution (RCE), potentially compromising the affected application or system.
  • Organizations or individuals using picklescan to validate PyTorch models or other Python objects are at risk of undetected infection.

Detection Guidance

This vulnerability involves malicious pickle files that use the numpy.f2py.crackfortran.param_eval function in their __reduce__ methods to evade picklescan. Detection requires inspecting pickle files for references to this function, ideally by disassembling the opcode stream rather than loading it.

Since picklescan versions before 0.0.33 fail to detect these malicious payloads, you should verify the version of picklescan used for scanning and consider manual inspection or enhanced scanning methods.

Suggested commands to detect potentially malicious pickle files include:

  • Use Python scripts to inspect pickle files for the presence of numpy.f2py.crackfortran.param_eval in their __reduce__ methods.
  • Run picklescan with the latest version (>= 0.0.33) to scan pickle files: `picklescan <pickle_file>`.
  • Use `strings <pickle_file> | grep param_eval` as a quick check for the function name; note that this only works on raw pickle bytes and misses pickles stored inside compressed containers.
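The first suggestion above, a Python script that looks for the advisory's function in a pickle's __reduce__ calls, worked through as an added example (not from the picklescan project). It disassembles the opcode stream with pickletools, so nothing is imported or executed, and runs on constructed sample pickles that are never loaded; the deny-list and sample bytes are assumptions for illustration.

```python
import io
import pickle
import pickletools

# Callables that must never be resolved from untrusted pickle data. The first
# is the function this advisory concerns; the others are classic examples.
# Extend this deny-list for your own environment (assumed, not picklescan's).
SUSPICIOUS_GLOBALS = {
    ("numpy.f2py.crackfortran", "param_eval"),
    ("os", "system"),
    ("builtins", "eval"),
}
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
              "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
CALL_OPS = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX"}  # call something on load

def referenced_globals(data: bytes) -> list:
    """Return every (module, name) the stream resolves via GLOBAL or STACK_GLOBAL.
    pickletools.genops only disassembles: nothing is imported or executed,
    unlike pickle.load()."""
    found, recent_strings = [], []
    for opcode, arg, _pos in pickletools.genops(io.BytesIO(data)):
        if opcode.name == "GLOBAL":            # protocols 0-3: 'c' module\nname\n
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif opcode.name in STRING_OPS:        # protocol 4+: module and name are
            recent_strings.append(arg)         # pushed as strings first ...
        elif opcode.name == "STACK_GLOBAL" and len(recent_strings) >= 2:
            found.append((recent_strings[-2], recent_strings[-1]))  # ... then resolved
    return found

def scan_pickle(data: bytes) -> dict:
    """Flag deny-listed imports and whether anything is called during load."""
    ops = {op.name for op, _arg, _pos in pickletools.genops(io.BytesIO(data))}
    hits = [f"{m}.{n}" for m, n in referenced_globals(data) if (m, n) in SUSPICIOUS_GLOBALS]
    return {"suspicious": sorted(set(hits)), "calls_on_load": bool(ops & CALL_OPS)}

# Constructed samples (never passed to pickle.load here). The first only
# references the advisory's function and REDUCEs it with an empty argument
# tuple, which is enough to exercise the detector.
SAMPLE_PARAM_EVAL = b"cnumpy.f2py.crackfortran\nparam_eval\n)R."
SAMPLE_BENIGN = pickle.dumps({"weights": [1.0, 2.0]}, protocol=4)
SAMPLE_STACK_GLOBAL = pickle.dumps(len, protocol=4)  # harmless STACK_GLOBAL reference

if __name__ == "__main__":
    for label, blob in [("param_eval", SAMPLE_PARAM_EVAL),
                        ("benign", SAMPLE_BENIGN), ("len", SAMPLE_STACK_GLOBAL)]:
        print(f"{label}: {scan_pickle(blob)}")
```

The STACK_GLOBAL tracking uses the two most recent string pushes, which covers pickles written by the standard library but not hand-crafted streams that fetch the strings from the memo; for those, pair it with a full picklescan run.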

Mitigation Strategies

To mitigate this vulnerability, immediately upgrade picklescan to version 0.0.33 or later, where the detection issue has been addressed.

Avoid loading pickle files from untrusted or unauthenticated sources, as deserialization of malicious pickle files can lead to arbitrary code execution.

Implement additional security controls such as sandboxing or running deserialization in restricted environments to limit potential damage from malicious payloads.

Review and audit any pickle files used in your applications, especially those that were only ever scanned with vulnerable versions of picklescan, since a clean result from those versions does not rule out this bypass.

Compliance Impact

This vulnerability allows remote attackers to execute arbitrary code by bypassing security checks in applications that load untrusted pickle data. Such unauthorized code execution can lead to data breaches or unauthorized access to sensitive information.

Consequently, organizations using affected versions of picklescan may face increased risk of non-compliance with data protection regulations such as GDPR and HIPAA, which mandate the protection of personal and sensitive data against unauthorized access and processing.

Failure to detect and prevent malicious pickle files could result in exposure of protected data, potentially leading to regulatory penalties and reputational damage.
