PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-71321 picklescan CVE debrief

CVE-2025-71321 is a critical vulnerability in picklescan before version 0.0.33. It allows attackers to bypass picklescan's blocklist of dangerous callables by referencing distutils.file_util.write_file, so a malicious pickle object that the scanner rates as safe can still overwrite critical system files when loaded, leading to denial of service or remote code execution. The vulnerability has a CVSS score of 9.3 and is rated critical. The CVE was published on June 17, 2026, and last modified on the same day.

Vendor
picklescan
Product
Unknown
CVSS
CRITICAL 9.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-17
Advisory published
2026-06-17
Advisory updated
2026-06-17

Who should care

Organizations using picklescan before version 0.0.33 should treat this as an immediate action item: update to version 0.0.33 or later, and add compensating controls so that a scanner verdict alone is not the only thing standing between untrusted pickle data and the host.

Technical summary

picklescan decides whether a pickle is dangerous by matching the globals it imports against a blocklist of known-dangerous callables. Before version 0.0.33 that blocklist did not include distutils.file_util.write_file, so a pickle object referencing it passed the scan yet could still write arbitrary files when deserialized. Overwriting critical system files in this way leads to denial of service or remote code execution. The vulnerability has a CVSS score of 9.3 and is classified as critical.
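The structural weakness behind this CVE is that a blocklist can only reject callables someone already thought of. The following added example (written for this debrief, not picklescan's own code) walks a pickle's opcode stream with the standard-library pickletools module, extracts every global the pickle would import without ever loading it, and shows why an allowlist of the globals an application actually expects catches an unlisted callable that a blocklist silently passes. The BLOCKLIST and ALLOWLIST sets, the sample pickles, and the module name hypothetical_module are all constructed for the example.

```python
import pickle
import pickletools
from collections import OrderedDict

# Constructed, deliberately incomplete blocklist in the style of a "dangerous callables" list.
BLOCKLIST = {("os", "system"), ("subprocess", "Popen"), ("builtins", "eval")}

# Constructed allowlist: the only globals this application's own pickles are expected to import.
ALLOWLIST = {("collections", "OrderedDict")}

# Opcodes that push a string literal; STACK_GLOBAL (protocol 4+) consumes the two most recent.
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
              "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
# Memo stores do not change the stack, so they are ignored when looking at preceding opcodes.
MEMO_PUT_OPS = {"MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"}


def extract_globals(data: bytes) -> set[tuple[str, str]]:
    """Return every (module, name) pair the pickle would import on load, without loading it.

    GLOBAL and INST carry "module name" inline. STACK_GLOBAL takes its operands from the
    stack; this walker resolves only the common case where they are the two string literals
    pushed immediately before it and fails closed on anything else (e.g. a memo fetch).
    """
    found: set[tuple[str, str]] = set()
    window: list[tuple[str, object]] = []   # last two non-memo-store opcodes seen
    for op, arg, _pos in pickletools.genops(data):
        if op.name in MEMO_PUT_OPS:
            continue
        if op.name in ("GLOBAL", "INST"):
            module, name = arg.split(" ", 1)
            found.add((module, name))
        elif op.name == "STACK_GLOBAL":
            if len(window) == 2 and all(n in STRING_OPS for n, _ in window):
                found.add((window[0][1], window[1][1]))
            else:
                raise ValueError("STACK_GLOBAL operands are not two string literals; refusing pickle")
        window = (window + [(op.name, arg)])[-2:]
    return found


def blocklist_verdict(refs: set[tuple[str, str]]) -> str:
    """Blocklist logic: reject only what is explicitly listed."""
    return "reject" if refs & BLOCKLIST else "allow"


def allowlist_verdict(refs: set[tuple[str, str]]) -> str:
    """Allowlist logic: reject anything not explicitly expected."""
    return "allow" if refs <= ALLOWLIST else "reject"


# Constructed sample 1: a benign pickle produced by the stdlib pickler (uses STACK_GLOBAL).
BENIGN_PICKLE = pickle.dumps(OrderedDict(a=1))

# Constructed sample 2: a protocol-0 pickle whose only content is a GLOBAL reference to a
# callable that is not on the blocklist. Nothing is invoked; it only names the import.
UNLISTED_PICKLE = b"chypothetical_module\nunlisted_callable\n."


if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_PICKLE), ("unlisted", UNLISTED_PICKLE)):
        refs = extract_globals(blob)
        print(label, sorted(refs),
              "blocklist:", blocklist_verdict(refs),
              "allowlist:", allowlist_verdict(refs))
```

The unlisted sample is the shape of this CVE in miniature: the blocklist verdict is "allow" because hypothetical_module.unlisted_callable is simply not on the list, while the allowlist verdict is "reject". A scanner verdict derived from a blocklist is therefore a detection aid, not an authorization boundary; loading pickles from untrusted sources still needs an allowlist (or a safer serialization format) on the consuming side.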

Defensive priority

high

Recommended defensive actions

  • Update picklescan to version 0.0.33 or later
  • Implement additional security measures to prevent exploitation, such as validating user input and restricting file access
  • Monitor systems for suspicious activity and implement incident response plans
  • Conduct regular vulnerability assessments and penetration testing
  • Consider implementing a web application firewall to detect and prevent attacks
  • Keep software and dependencies up to date with the latest security patches

Evidence notes

The vulnerability is confirmed by the CVE record and NVD detail. The CVE was published on June 17, 2026, and last modified on the same day. The vulnerability has a CVSS score of 9.3 and is classified as critical.

Official resources

public