CVE-2025-71375
Status: Received - Intake

Pickle Deserialization Flaw in Picklescan Allows Code Execution

Vulnerability report for CVE-2025-71375, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-04

Last updated on: 2026-07-04

Assigner: VulnCheck

Description

picklescan before 0.0.34 fails to detect the _operator.methodcaller built-in function when scanning pickle files for malicious code. Attackers can craft malicious pickle payloads using _operator.methodcaller that evade detection and execute arbitrary code when loaded by pickle.load().

CVSS Scores

No CVSS score is shown on this page.

EPSS Scores

Probability: not yet evaluated
Percentile: not yet evaluated

Meta Information

Published: 2026-07-04
Last Modified: 2026-07-04
Generated: 2026-07-04
AI Q&A: 2026-07-04
EPSS Evaluated: N/A

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE: CWE-502, Deserialization of Untrusted Data (the product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid).
KEV: no entry shown.

Executive Summary

CVE-2025-71375 is a vulnerability in the picklescan library in versions before 0.0.34. picklescan fails to flag _operator.methodcaller (the C implementation behind operator.methodcaller) when scanning pickle files for malicious code.

Attackers can craft malicious pickle payloads using _operator.methodcaller that bypass picklescan's detection mechanisms. When such a payload is loaded using pickle.load(), it can execute arbitrary code on the victim's system.

Impact Analysis

This vulnerability allows an attacker to execute arbitrary code on any host that loads a crafted pickle file after a vulnerable picklescan has scanned it and reported it clean.

If you rely on picklescan to scan pickle files for malicious content, an attacker can bypass this protection and execute harmful commands on your system when you load the malicious pickle file.

This can lead to unauthorized system access, data compromise, or other malicious activities depending on the executed code.

Detection Guidance

picklescan is a denylist scanner: it flags pickles that reference known-dangerous globals, and versions before 0.0.34 do not have _operator.methodcaller on that list, so a payload built on it scans clean. Detection therefore starts with knowing which version is in use.

To check the installed version, run:

  • pip show picklescan

To scan a pickle file with picklescan, run:

  • picklescan --path <pickle_file>

If the installed version is below 0.0.34, a clean result says nothing about payloads that use _operator.methodcaller; a scan with a vulnerable version is not evidence that the file is safe. Compare versions numerically, not as strings ("0.0.9" sorts after "0.0.34" lexicographically).
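As an added example (not from this page or from the picklescan project), a Python check for the version gate above that avoids the string-comparison pitfall and treats pre-release suffixes conservatively. The helper names are illustrative assumptions.

```python
"""Added example (not from the CVE page or the picklescan project): gate on the
installed picklescan version without the string-comparison pitfall."""
import re
from importlib.metadata import PackageNotFoundError, version

# First release that flags _operator.methodcaller, per the advisory text.
FIXED_VERSION = (0, 0, 34)


def parse_version(text: str) -> tuple:
    """Split '0.0.9', '0.0.34' or '0.0.34rc1' into (numeric tuple, has_suffix).

    Comparing tuples of ints avoids the trap where '0.0.9' > '0.0.34' as strings.
    Anything after the numeric core (rc1, .dev0, ...) is reported as a suffix and
    treated conservatively as a pre-release of that version.
    """
    core = re.match(r"\d+(?:\.\d+)*", text.strip())
    if core is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    numeric = tuple(int(part) for part in core.group(0).split("."))
    has_suffix = text.strip()[core.end():] != ""
    return numeric, has_suffix


def is_vulnerable_version(text: str) -> bool:
    """True when the version predates the 0.0.34 fix.

    A suffixed build of 0.0.34 itself (e.g. 0.0.34rc1) is still counted as
    vulnerable, since it may predate the fix commit.
    """
    numeric, has_suffix = parse_version(text)
    if has_suffix:
        return numeric <= FIXED_VERSION
    return numeric < FIXED_VERSION


def installed_picklescan_status() -> str:
    """Report 'missing', 'vulnerable <v>' or 'fixed <v>' for the current interpreter."""
    try:
        installed = version("picklescan")
    except PackageNotFoundError:
        return "missing"
    state = "vulnerable" if is_vulnerable_version(installed) else "fixed"
    return f"{state} {installed}"


if __name__ == "__main__":
    print(installed_picklescan_status())
```

`installed_picklescan_status()` reads the metadata of whatever interpreter runs it, so run it from the same virtual environment your pipeline uses; `pip show` in a different environment tells you nothing about the one that loads the pickles.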

Mitigation Strategies

The primary mitigation is to upgrade picklescan to version 0.0.34 or later, where _operator.methodcaller is added to the set of globals it flags. Because picklescan works from a denylist, expect further bypasses to surface; treat the scanner as a filter, not as proof that a file is safe.

Do not load pickle files from untrusted or unauthenticated sources with pickle.load(); a pickle can execute arbitrary code at load time by construction.

Review and restrict use of pickle.load() in your environment, especially in automated workflows that rely on picklescan as their only control. Where pickle cannot be avoided, load with a pickle.Unpickler subclass whose find_class() allows only an explicit set of (module, name) pairs, so that _operator.methodcaller and similar gadgets are rejected before they are resolved.
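As an added example, not code from the CVE page or from picklescan: a constructed, benign pickle that reaches _operator.methodcaller through a GLOBAL opcode (it only computes 'hello'.upper()), a static listing of the globals a pickle references, and an allowlisting pickle.Unpickler.find_class that rejects the reference regardless of which scanner version is installed. The allowlist contents and the helper names are illustrative assumptions.

```python
"""Added example, not from the CVE page or from picklescan: why _operator.methodcaller
is reachable from a pickle, and a default-deny Unpickler that refuses it."""
import collections
import io
import pickle
import pickletools

# Constructed, benign payload (protocol-0 opcodes):
#   c_operator\nmethodcaller\n  GLOBAL  -> push _operator.methodcaller
#   (Vupper\ntR                 MARK, UNICODE 'upper', TUPLE, REDUCE -> methodcaller('upper')
#   (Vhello\ntR                 MARK, UNICODE 'hello', TUPLE, REDUCE -> 'hello'.upper()
#   .                           STOP
# The same REDUCE chain lets a pickle call any method on any object; here it yields 'HELLO'.
METHODCALLER_PICKLE = b"c_operator\nmethodcaller\n(Vupper\ntR(Vhello\ntR."

# Constructed comparison inputs: one with no globals, one with a single benign global.
PLAIN_DATA_PICKLE = pickle.dumps({"a": 1, "b": [1, 2]}, protocol=4)
ORDERED_DICT_PICKLE = pickle.dumps(collections.OrderedDict(a=1), protocol=4)

_STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
               "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def list_globals(data: bytes) -> list:
    """Statically enumerate the (module, name) pairs a pickle imports, without running it.

    Handles GLOBAL (module and name inline) and STACK_GLOBAL (module and name pushed as
    strings just before it). Strings recycled through the memo are not resolved, which
    illustrates why opcode-level scanning is a heuristic rather than a guarantee.
    """
    found, recent_strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL" and len(recent_strings) >= 2:
            found.append((recent_strings[-2], recent_strings[-1]))
        elif op.name in _STRING_OPS:
            recent_strings.append(arg)
    return found


class AllowlistUnpickler(pickle.Unpickler):
    """Default-deny find_class: only these (module, name) pairs may be resolved.

    The allowlist is an assumption for this example; a real one lists exactly the
    classes your own data needs and nothing else.
    """
    ALLOWED = {("collections", "OrderedDict"), ("builtins", "set"), ("builtins", "frozenset")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"{module}.{name}")


def unsafe_load(data: bytes):
    """What plain pickle.load() does: every global resolves, so the REDUCE chain runs."""
    return pickle.loads(data)


def check_with_allowlist(data: bytes) -> tuple:
    """('ok', obj) when every global is allowlisted, else ('rejected', 'module.name')."""
    try:
        return ("ok", AllowlistUnpickler(io.BytesIO(data)).load())
    except pickle.UnpicklingError as exc:
        return ("rejected", str(exc))


if __name__ == "__main__":
    print(list_globals(METHODCALLER_PICKLE))          # [('_operator', 'methodcaller')]
    print(unsafe_load(METHODCALLER_PICKLE))           # HELLO
    print(check_with_allowlist(METHODCALLER_PICKLE))  # ('rejected', '_operator.methodcaller')
    print(check_with_allowlist(ORDERED_DICT_PICKLE))  # ('ok', OrderedDict([('a', 1)]))
```

The point of the allowlist is that it does not need to know about _operator.methodcaller, or about whatever gadget is found next: anything not explicitly permitted is refused at find_class() time, before any object is constructed. The static listing is the kind of check a denylist scanner performs and is useful for triage, but a clean listing is not a safety proof.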

Compliance Impact

This vulnerability lets an attacker execute arbitrary code on any system that loads a malicious pickle file after a vulnerable picklescan has cleared it. Such unauthorized code execution can lead to unauthorized access, data breaches, or manipulation of sensitive data.

Consequently, organizations using vulnerable versions of picklescan may face increased risk of non-compliance with data protection regulations such as GDPR and HIPAA, which mandate the protection of personal and sensitive information against unauthorized access and processing.

Failure to mitigate this vulnerability could result in violations of these standards due to potential data breaches or compromise of system integrity.
