CVE-2025-71367

Picklescan Unsafe Deserialization via _operator.attrgetter Bypass

Vulnerability report for CVE-2025-71367, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-04

Last updated on: 2026-07-04

Assigner: VulnCheck

Description

picklescan before 0.0.34 fails to detect _operator.attrgetter function calls in pickle payloads, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using _operator.attrgetter in reduce methods to execute arbitrary code when pickle.load() processes the file.

Meta Information

Published: 2026-07-04
Last Modified: 2026-07-04
Generated: 2026-07-04
AI Q&A: 2026-07-04
EPSS Evaluated: N/A

Affected Vendors & Products

Vendor: mmaitre314
Product: picklescan
Version / Range: all versions before 0.0.34 (0.0.34 itself is not affected)

CWE

CWE-502: The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

AI Quick Actions

Executive Summary

The vulnerability exists in picklescan versions before 0.0.34, where the scanner fails to detect malicious pickle files that use the Python standard-library callable _operator.attrgetter. Attackers can craft pickle payloads that invoke _operator.attrgetter within reduce methods. Because picklescan does not flag these as dangerous, loading such a file with pickle.load() can execute arbitrary code on the victim's system.

Impact Analysis

This vulnerability can allow remote attackers to execute arbitrary code on systems that use vulnerable versions of picklescan to scan or load pickle files. If an attacker crafts a malicious pickle file exploiting this flaw, they can bypass security checks and run harmful code when the file is processed. This poses a significant risk to organizations relying on picklescan for scanning PyTorch models or other pickle-based files, potentially leading to system compromise or unauthorized actions.

Detection Guidance

This vulnerability concerns picklescan versions before 0.0.34, which fail to flag pickle files that invoke the _operator.attrgetter function in reduce methods. Detection therefore means checking pickle files for references to _operator.attrgetter that the vulnerable scanner does not report.

Since picklescan itself fails to detect this, upgrade picklescan to version 0.0.34 or later, which includes the patch that detects such payloads.

To find potentially malicious pickle files on your system, inspect the pickle payloads statically or use updated scanning tools. Inspection should work on the opcode stream (for example with Python's pickletools.dis), not by calling pickle.load() on an untrusted file, since loading is exactly the step that executes the payload; alternatively, re-scan the files with picklescan after upgrading it.

  • Upgrade picklescan to version 0.0.34 or later.
  • Use picklescan to scan pickle files: `picklescan --path <pickle_file>`
  • Manually inspect pickle files for suspicious reduce calls involving _operator.attrgetter using Python scripts that read the opcode stream without loading the file.

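
A static check for the pattern the guidance describes, added here as an example (it is not picklescan's code and not taken from the advisory): it lists the globals a pickle imports by walking the opcode stream with pickletools.genops, so the file is never loaded, and flags _operator.attrgetter. The sample pickles are constructed for the demonstration; the suspicious-global set and the simplified STACK_GLOBAL stack model are this example's own assumptions.

```python
import io
import pickle
import pickletools

# (module, name) pairs treated as suspicious. Per the advisory, picklescan
# before 0.0.34 did not flag _operator.attrgetter, which lets a payload fetch
# arbitrary attributes (and so callables) while pickle.load() runs.
SUSPICIOUS_GLOBALS = {("_operator", "attrgetter"), ("operator", "attrgetter")}

# Opcodes that push a string constant onto the unpickler's stack.
STRING_OPCODES = {"STRING", "BINSTRING", "SHORT_BINSTRING",
                  "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}

def referenced_globals(data: bytes) -> list:
    """List every (module, name) a pickle imports, without loading it.

    Walks the opcode stream with pickletools.genops, so nothing executes.
    Handles the text GLOBAL opcode and protocol-4 STACK_GLOBAL, which takes
    module and name from the two most recently pushed strings (a simplified
    stack model that suffices for pickles written by the standard pickler).
    """
    found, recent_strings = [], []
    for op, arg, _pos in pickletools.genops(io.BytesIO(data)):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL" and len(recent_strings) >= 2:
            found.append((recent_strings[-2], recent_strings[-1]))
        elif op.name in STRING_OPCODES:
            recent_strings.append(arg)
    return found

def scan_pickle(data: bytes) -> list:
    """Return the suspicious globals a pickle references (empty means clean)."""
    return [g for g in referenced_globals(data) if g in SUSPICIOUS_GLOBALS]

# Constructed samples (not taken from the advisory).
BENIGN = pickle.dumps({"weights": [0.1, 0.2]}, protocol=4)  # imports nothing
CLASS_REF = pickle.dumps(io.BytesIO, protocol=4)             # STACK_GLOBAL _io BytesIO
ATTRGETTER = (b"\x80\x04"                  # PROTO 4
              b"c_operator\nattrgetter\n"  # GLOBAL _operator attrgetter
              b"\x8c\x05upper"             # SHORT_BINUNICODE "upper"
              b"\x85"                      # TUPLE1
              b"R"                         # REDUCE -> attrgetter("upper"), harmless
              b".")                        # STOP

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("class", CLASS_REF), ("attrgetter", ATTRGETTER)):
        print(f"{label}: imports={referenced_globals(blob)} flagged={scan_pickle(blob)}")
```

The import list is useful on its own: any model file that should contain only tensors and plain containers but imports from _operator, operator or other unexpected modules deserves a closer look even before a signature matches.
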
Mitigation Strategies

The primary mitigation step is to upgrade picklescan to version 0.0.34 or later, which includes a patch to detect the malicious use of _operator.attrgetter in pickle payloads.

Additionally, avoid loading pickle files from untrusted or unauthenticated sources, as this vulnerability allows remote code execution when processing malicious pickle files.

  • Upgrade picklescan to version 0.0.34 or later.
  • Do not load pickle files from untrusted sources.
  • Implement additional security controls such as sandboxing or running pickle.load() in restricted environments.

Compliance Impact

The vulnerability allows remote code execution by bypassing security checks in pickle payloads, which can lead to unauthorized access or manipulation of sensitive data.

Such unauthorized code execution and potential data compromise could negatively impact compliance with data protection regulations like GDPR and HIPAA, which require strict controls to protect personal and sensitive information.

Organizations relying on picklescan for scanning pickle files may unknowingly process malicious files, increasing the risk of data breaches and non-compliance with these standards.
