CVE-2025-71353
Status: Received - Intake

picklescan Arbitrary Code Execution via GuardBuilder.get

Vulnerability report for CVE-2025-71353, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-04

Last updated on: 2026-07-04

Assigner: VulnCheck

Description

picklescan before 0.0.28 fails to detect malicious pickle files that invoke the torch._dynamo.guards.GuardBuilder.get function from __reduce__ methods. Attackers can craft pickle files with embedded code that evades picklescan detection and executes arbitrary commands when the file is loaded.


Meta Information

Published: 2026-07-04
Last Modified: 2026-07-04
Generated: 2026-07-04
AI Q&A: 2026-07-04
EPSS Evaluated: N/A

Affected Vendors & Products

Currently, no data is known.

Exploitability

CWE-502: The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

AI Quick Actions

Instant insights powered by AI
Executive Summary

picklescan versions before 0.0.28 fail to detect malicious pickle files that invoke the torch._dynamo.guards.GuardBuilder.get function from __reduce__ methods.

Attackers can craft pickle files with embedded code that bypasses picklescan's detection and executes arbitrary commands when these files are loaded.

This vulnerability is a form of deserialization of untrusted data, allowing remote code execution.

Impact Analysis

An attacker can execute arbitrary commands on a system where a malicious pickle file that picklescan failed to flag is loaded.

This can lead to remote code execution, potentially compromising the security and integrity of your environment.

  • Supply chain attacks where malicious pickle files are distributed through machine learning models, APIs, or saved Python objects.
  • Unauthorized access or control over affected systems.

Detection Guidance

This vulnerability involves malicious pickle files that invoke the torch._dynamo.guards.GuardBuilder.get function from __reduce__ methods, which picklescan versions before 0.0.28 fail to detect.

To detect this vulnerability on your system, you should check the version of picklescan installed and identify any usage of pickle files that might be loaded via pickle.load().

Suggested commands include:

  • Check the picklescan version: `picklescan --version` or `pip show picklescan`
  • Scan pickle files for malicious content using picklescan (if version < 0.0.28): `picklescan suspicious_file.pkl`
  • Monitor network or system logs for unexpected execution of pickle.load() on untrusted files.

Mitigation Strategies

The primary mitigation step is to upgrade picklescan to version 0.0.28 or later, where this vulnerability has been patched.

Additionally, avoid loading pickle files from untrusted or unauthenticated sources, as these can contain malicious payloads exploiting this vulnerability.

Implement strict validation and scanning of pickle files before loading them in your environment.

Compliance Impact

This vulnerability allows attackers to execute arbitrary code by bypassing detection in malicious pickle files, which can lead to unauthorized access or manipulation of data.

Such unauthorized access or data manipulation could potentially result in violations of data protection regulations like GDPR or HIPAA, especially if sensitive personal or health information is involved.

Therefore, organizations using vulnerable versions of picklescan may face compliance risks if this vulnerability is exploited, as it undermines the security controls intended to protect data confidentiality and integrity.
