CVE-2025-71366
Received - Intake

Picklescan Arbitrary Code Execution via Undetected Torch Profiler Calls

Vulnerability report for CVE-2025-71366, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-04

Last updated on: 2026-07-04

Assigner: VulnCheck

Description

picklescan before 0.0.28 fails to detect malicious torch.utils.bottleneck.__main__.run_cprofile function calls in pickle files, allowing attackers to bypass safety checks. Remote attackers can embed undetected code in pickle files to achieve arbitrary code execution when victims load the files.

Meta Information

Published: 2026-07-04
Last Modified: 2026-07-04
Generated: 2026-07-04
AI Q&A: 2026-07-04
EPSS Evaluated: N/A

Affected Vendors & Products

Currently, no data is known.

Exploitability

CWE-502: The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

AI Quick Actions

Executive Summary

CVE-2025-71366 is a high-severity vulnerability in picklescan versions before 0.0.28. It involves the failure to detect malicious calls to the torch.utils.bottleneck.__main__.run_cprofile function embedded within pickle files. This allows attackers to bypass picklescan's safety checks and embed undetected code in pickle files.

When a victim loads such a malicious pickle file, arbitrary code execution can occur, enabling attackers to run commands remotely.

Impact Analysis

This vulnerability can lead to arbitrary code execution on systems that load malicious pickle files without proper detection. Attackers can execute commands remotely, potentially compromising the affected system.

It poses a significant supply chain risk, especially for organizations using picklescan to validate PyTorch models, APIs, or saved Python objects, as infected pickle files could spread malicious code undetected.

Detection Guidance

This vulnerability can be detected by analyzing pickle files for malicious calls to the torch.utils.bottleneck.__main__.run_cprofile function embedded within their reduce methods. Since picklescan versions before 0.0.28 fail to detect these, using an updated version of picklescan (0.0.28 or later) is recommended to scan and detect such malicious pickle files.

A practical approach is to run picklescan on suspicious pickle files to check for unsafe deserialization attempts. For example, you can use the command:

  • picklescan suspicious_file.pkl

If you suspect malicious activity, monitoring for unexpected execution of commands like "whoami" triggered by loading pickle files can also help detect exploitation attempts.
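As an added example (not part of this advisory or of the picklescan project), the following Python disassembles a pickle with pickletools, which never imports or calls anything, and flags the import that picklescan before 0.0.28 missed. The denylist entries other than the advisory's function, the opcode-level fixture and the benign control are constructed assumptions for illustration.

```python
import collections
import pickle
import pickletools

# Globals that must never appear in a model pickle. The torch entry is the
# import picklescan < 0.0.28 failed to flag (CVE-2025-71366); the rest are
# constructed here as illustrative well-known dangerous imports.
UNSAFE_GLOBALS = {
    ("torch.utils.bottleneck.__main__", "run_cprofile"),
    ("os", "system"),
    ("subprocess", "Popen"),
    ("builtins", "exec"),
    ("builtins", "eval"),
}

STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}


def iter_globals(data: bytes):
    """Yield (module, name) for each GLOBAL or STACK_GLOBAL opcode in data.

    pickletools.genops only disassembles the stream, so this is safe on an
    untrusted file. STACK_GLOBAL (protocol 4) takes module and name from the
    two most recently pushed strings; memo lookups (BINGET) are not resolved
    in this simplified walk.
    """
    recent = []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)   # genops gives "module name"
            yield module, name
        elif op.name == "STACK_GLOBAL" and len(recent) == 2:
            yield recent[0], recent[1]
        elif op.name in STRING_OPS:
            recent = (recent + [arg])[-2:]


def scan_pickle(data: bytes) -> list:
    """Return the denylisted (module, name) pairs found in data."""
    return [g for g in iter_globals(data) if g in UNSAFE_GLOBALS]

# Constructed fixture (not a real model): a protocol-2 GLOBAL opcode naming
# the advisory's function, REDUCE-called with an empty tuple. Only the
# scanner reads it; it is never passed to pickle.loads.
SUSPECT_PICKLE = b"\x80\x02ctorch.utils.bottleneck.__main__\nrun_cprofile\n)R."
# Benign control: a protocol-4 pickle whose only global is collections.OrderedDict.
BENIGN_PICKLE = pickle.dumps(collections.OrderedDict(a=1), protocol=4)

if __name__ == "__main__":
    for label, blob in (("suspect", SUSPECT_PICKLE), ("benign", BENIGN_PICKLE)):
        print(label, scan_pickle(blob) or "clean")
```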

Mitigation Strategies

The immediate mitigation step is to upgrade picklescan to version 0.0.28 or later, where the detection for malicious torch.utils.bottleneck.__main__.run_cprofile calls in pickle files has been fixed.

Additionally, avoid loading pickle files from untrusted or unauthenticated sources, as this vulnerability allows arbitrary code execution when such files are deserialized.

Implement strict validation and scanning of all pickle files before loading them in your environment to prevent exploitation.

Compliance Impact

The vulnerability allows attackers to embed undetected malicious code in pickle files, leading to arbitrary code execution when these files are loaded. This can result in unauthorized access or manipulation of data.

Such unauthorized code execution and potential data compromise could negatively impact compliance with data protection standards and regulations like GDPR and HIPAA, which require safeguarding sensitive data and ensuring system integrity.

Organizations using affected versions of picklescan may face increased risk of data breaches or unauthorized data processing due to this vulnerability, potentially leading to regulatory non-compliance.
