CVE-2025-71362
Received Received - Intake

Unsafe Deserialization in PickleScan via numpy.f2py.crackfortran

Vulnerability report for CVE-2025-71362, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-04

Last updated on: 2026-07-04

Assigner: VulnCheck

Description

picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py.crackfortran functions call eval on arbitrary strings. Attackers can embed malicious code in pickle files that executes when loaded from untrusted sources.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-04
Last Modified
2026-07-04
Generated
2026-07-04
AI Q&A
2026-07-04
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability affects picklescan versions before 0.0.33 and involves unsafe deserialization in the numpy.f2py.crackfortran functions. Specifically, the function getlincoef calls eval on arbitrary strings, which allows attackers to embed malicious code in pickle files. When these malicious pickle files are loaded from untrusted sources, the embedded code executes, potentially compromising the system.

Impact Analysis

The vulnerability can lead to arbitrary code execution on systems using vulnerable versions of picklescan. Attackers can distribute malicious pickle files through machine learning models, APIs, or saved Python objects, which when loaded, execute harmful code. This can result in unauthorized actions, data compromise, or system control by attackers.

Detection Guidance

This vulnerability involves unsafe deserialization in picklescan versions before 0.0.33, specifically in the numpy.f2py.crackfortran functions that call eval on arbitrary strings embedded in pickle files.

Detection involves identifying the use of vulnerable picklescan versions and monitoring for loading of pickle files from untrusted sources that may contain malicious payloads.

Since the vulnerability is related to unsafe deserialization in Python pickle files, you can detect suspicious activity by monitoring for pickle file loads or executions involving numpy.f2py.crackfortran functions.

  • Check the installed picklescan version with: `pip show picklescan` or `pip list | grep picklescan`.
  • Search for usage of pickle files in your environment, for example: `find /path/to/scan -name '*.pickle'` or `find /path/to/scan -name '*.pkl'`.
  • Monitor Python logs or runtime traces for calls to `numpy.f2py.crackfortran` or suspicious eval executions.
  • Use static code analysis or grep to find code invoking `numpy.f2py.crackfortran.getlincoef` or similar functions that may evaluate arbitrary strings.
Mitigation Strategies

The primary mitigation is to upgrade picklescan to version 0.0.33 or later, where this unsafe deserialization issue has been fixed.

Avoid loading pickle files from untrusted or unauthenticated sources, as these can contain malicious code that executes during deserialization.

Implement strict validation and sanitization of any pickle files before loading them in your environment.

Consider using safer serialization formats or libraries that do not allow arbitrary code execution during deserialization.

Monitor your systems for unusual activity related to pickle file processing and restrict permissions to limit potential exploitation.

Compliance Impact

This vulnerability allows attackers to execute arbitrary code by exploiting unsafe deserialization in the picklescan package. Such unauthorized code execution can lead to unauthorized access, data manipulation, or data breaches when processing untrusted pickle files.

Because of these risks, organizations using affected versions of picklescan may face challenges in maintaining compliance with data protection regulations such as GDPR and HIPAA, which require safeguarding sensitive data against unauthorized access and ensuring data integrity.

Specifically, the vulnerability could lead to exposure or alteration of personal or protected health information if exploited, thereby potentially violating regulatory requirements for data confidentiality and security.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-71362. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart