CVE-2025-71372
Received Received - Intake

Picklescan Arbitrary Code Execution via Malicious Pickle Files

Vulnerability report for CVE-2025-71372, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-04

Last updated on: 2026-07-04

Assigner: VulnCheck

Description

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.getlincoef gadget in pickle __reduce__ methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded, bypassing Picklescan's safety checks and enabling supply-chain poisoning of shared model files.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-04
Last Modified
2026-07-04
Generated
2026-07-04
AI Q&A
2026-07-04
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-71372 is a vulnerability in Picklescan versions before 0.0.33 where the tool fails to detect the numpy.f2py.crackfortran.getlincoef gadget in pickle __reduce__ methods.

This flaw allows attackers to craft malicious pickle files that execute arbitrary Python code when loaded, bypassing Picklescan's safety checks.

The vulnerability enables supply-chain poisoning of shared model files by allowing arbitrary code execution during unpickling.

Impact Analysis

This vulnerability can lead to arbitrary code execution on systems that use Picklescan to validate pickle files.

Attackers can craft malicious pickle files that appear safe during scanning but execute harmful Python code when loaded.

This can result in supply-chain poisoning of shared model files, potentially compromising workflows that rely on these files.

Such an attack could allow unauthorized system commands to run, leading to data breaches or system compromise.

Detection Guidance

This vulnerability involves malicious pickle files that execute arbitrary Python code when loaded, bypassing Picklescan's safety checks. Detection involves scanning pickle files with a version of Picklescan that correctly identifies the numpy.f2py.crackfortran.getlincoef gadget.

To detect this vulnerability, ensure you use Picklescan version 0.0.33 or later, as earlier versions fail to detect the malicious gadget.

A suggested command to scan a pickle file is:

  • picklescan scan <pickle_file>

If you are using an older version of Picklescan, it may not flag malicious files containing the numpy.f2py.crackfortran.getlincoef gadget. Therefore, upgrading Picklescan is critical for detection.

Mitigation Strategies

The primary mitigation step is to upgrade Picklescan to version 0.0.33 or later, which includes the fix to detect the malicious numpy.f2py.crackfortran.getlincoef gadget in pickle files.

Additionally, avoid loading pickle files from untrusted or unauthenticated sources, as these can contain malicious code that executes upon unpickling.

Review and validate any shared model files or pickle artifacts before use to prevent supply-chain poisoning.

Compliance Impact

This vulnerability allows arbitrary code execution through malicious pickle files, enabling supply-chain poisoning of shared model files. Such unauthorized code execution and potential data manipulation or exposure could lead to violations of data protection and security requirements mandated by standards like GDPR and HIPAA.

Specifically, the failure to detect malicious pickle files may result in unauthorized access or alteration of sensitive data, which compromises confidentiality and integrity. This undermines compliance with regulations that require safeguarding personal and health information against unauthorized access and ensuring secure software supply chains.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-71372. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart