CVE-2025-71359
Received - Intake

Malicious Pickle Payload Evasion in Picklescan

Vulnerability report for CVE-2025-71359, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-04

Last updated on: 2026-07-04

Assigner: VulnCheck

Description

picklescan before 0.0.29 fails to detect malicious pickle payloads that utilize lib2to3.pgen2.grammar.Grammar.loads in the reduce method, allowing remote code execution. Attackers can craft pickle files embedding dangerous code that evades picklescan detection and executes during pickle.load() deserialization.


Meta Information

Published: 2026-07-04
Last Modified: 2026-07-04
Generated: 2026-07-04
AI Q&A: 2026-07-04
EPSS Evaluated: N/A
NVD, EUVD

Affected Vendors & Products

Currently, no data is known.

CWE

CWE-502: The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.


Executive Summary

CVE-2025-71359 is a vulnerability in picklescan versions before 0.0.29 where the tool fails to detect malicious pickle payloads that use the Python function lib2to3.pgen2.grammar.Grammar.loads in the reduce method.

This flaw allows attackers to craft specially designed pickle files that embed dangerous code which evades picklescan's detection mechanisms.

When such a malicious pickle file is deserialized with pickle.load(), the embedded code runs inside the loading process, giving the attacker remote code execution.

Impact Analysis

This vulnerability can lead to remote code execution on systems that use vulnerable versions of picklescan to scan or load pickle files.

Attackers can exploit this by distributing malicious pickle files that bypass picklescan's safety checks and execute arbitrary code during deserialization.

This can compromise the security of applications relying on picklescan, potentially leading to unauthorized access, data breaches, or system compromise.

Detection Guidance

This vulnerability involves malicious pickle files that use lib2to3.pgen2.grammar.Grammar.loads in their reduce method to evade detection by picklescan versions before 0.0.29. Detection requires scanning pickle files for this specific pattern or behavior.

Since picklescan before 0.0.29 fails to detect these payloads, you should upgrade picklescan to version 0.0.29 or later to improve detection capabilities.

To detect potentially malicious pickle files on your system, you can use the updated picklescan tool to scan pickle files or PyTorch models. For example, run a command like:

  • picklescan scan <path_to_pickle_file_or_directory>

If you want to manually inspect pickle files for suspicious reduce methods involving lib2to3.pgen2.grammar.Grammar.loads, you could write a Python script to analyze the pickle bytecode or use debugging tools to check the __reduce__ method contents.
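The manual inspection suggested above, as an added example that is not part of this advisory or of picklescan itself: a small opcode-level scanner built on the standard library's pickletools that flags global references to lib2to3.pgen2.grammar (and a few other common gadget modules) without ever unpickling the data. The denylist, the benign dictionary and the two reference-only suspect streams are constructed for illustration.

```python
import pickle
import pickletools

# Module paths to flag. lib2to3.pgen2.grammar is the gadget named in
# CVE-2025-71359 (Grammar.loads hands its argument to pickle.loads, hiding a
# nested pickle); the others are the usual code-execution gadget modules.
FLAGGED_MODULES = ("lib2to3.pgen2.grammar", "os", "subprocess", "builtins")
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
              "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def find_globals(data: bytes):
    """Yield (module, name) for each GLOBAL / STACK_GLOBAL; pickletools.genops
    only disassembles, so nothing in the stream is imported or executed."""
    strings, memo, n_memo, last = [], {}, 0, None
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":                                # protocols 0-3
            yield tuple(arg.split(" ", 1))
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:  # protocol 4+
            yield strings[-2], strings[-1]
        elif op.name in STRING_OPS:                            # pushed string
            strings.append(arg)
            last = arg
            continue
        elif op.name == "MEMOIZE":                # memo slot for the last push
            memo[n_memo] = last
            n_memo += 1
            continue
        elif op.name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = last
            continue
        elif op.name in ("GET", "BINGET", "LONG_BINGET") and memo.get(arg):
            strings.append(memo[arg])             # re-used string constant
        last = None

def scan_pickle(data: bytes) -> list:
    """Return 'module.name' for every flagged global; [] means nothing found."""
    return [f"{mod}.{name}" for mod, name in find_globals(data)
            if any(mod == m or mod.startswith(m + ".") for m in FLAGGED_MODULES)]

# Constructed test vectors (not from the advisory). The SUSPECT streams only
# reference lib2to3.pgen2.grammar.Grammar, via GLOBAL (protocol 0) and
# STACK_GLOBAL (protocol 4); neither contains a REDUCE, so they are not payloads.
BENIGN = pickle.dumps({"weights": [0.1, 0.2], "epoch": 3}, protocol=4)
SUSPECT_P0 = b"clib2to3.pgen2.grammar\nGrammar\n."
SUSPECT_P4 = b"\x80\x04\x8c\x15lib2to3.pgen2.grammar\x8c\x07Grammar\x93."

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("p0", SUSPECT_P0), ("p4", SUSPECT_P4)):
        print(label, scan_pickle(blob) or "clean")
```

Because the scanner never calls pickle.load, it is safe to point at untrusted files; a hit on lib2to3.pgen2.grammar is a strong signal, but an empty result is not proof of safety, so keep the upgraded picklescan and the loading restrictions below in place.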

Mitigation Strategies

The primary mitigation step is to upgrade picklescan to version 0.0.29 or later, where this vulnerability has been patched.

Avoid loading pickle files from untrusted or unauthenticated sources, as malicious pickle files can execute arbitrary code during deserialization.

Implement additional security controls such as sandboxing or running deserialization in restricted environments to limit the impact of potential remote code execution.

Review and monitor your supply chain for any use of pickle files or PyTorch models that could be infected with malicious payloads exploiting this vulnerability.

Compliance Impact

The vulnerability allows remote code execution through malicious pickle files that bypass picklescan detection. This can lead to unauthorized access or manipulation of sensitive data during deserialization.

Such unauthorized access or data manipulation can result in non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access and ensuring data integrity.

Organizations using vulnerable versions of picklescan may be at risk of data breaches or integrity violations, potentially leading to regulatory penalties or legal consequences.
