PatchSiren cyber security CVE debrief
CVE-2025-71344 picklescan CVE debrief
CVE-2025-71344 is a high-severity vulnerability in picklescan, a tool used for scanning pickle files. The vulnerability affects versions 0.0.26 and earlier, and was addressed in version 0.0.30. An attacker can exploit this vulnerability by crafting a malicious pickle file that embeds an ensurepip._run_pip call in its __reduce__ method. When this pickle file is loaded using pickle.load(), the embedded ensurepip._run_pip call is executed, allowing the attacker to execute arbitrary code. This vulnerability has a CVSS score of 7.6 and is considered high severity. The CVE was published on June 22, 2026, and last modified on June 23, 2026.
- Vendor
- picklescan
- Product
- Unknown
- CVSS
- HIGH 7.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-22
- Original CVE updated
- 2026-06-23
- Advisory published
- 2026-06-22
- Advisory updated
- 2026-06-23
Who should care
Developers and users of picklescan, particularly those using versions 0.0.26 and earlier, should be aware of this vulnerability and take steps to mitigate it. This includes updating to version 0.0.30 or later, and being cautious when loading pickle files from untrusted sources. Additionally, security teams and administrators should be aware of the potential for exploitation and monitor for suspicious activity.
Technical summary
The vulnerability in picklescan arises from its failure to detect the ensurepip._run_pip built-in function when scanning pickle files. This allows attackers to craft malicious pickle files that can execute arbitrary code when loaded. The vulnerability is particularly concerning because it can be exploited remotely, and can be used to achieve code execution on a vulnerable system. The CVSS vector for this vulnerability is CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
High priority should be given to updating picklescan to version 0.0.30 or later. Additionally, defenders should be cautious when loading pickle files from untrusted sources, and consider implementing additional security controls such as input validation and sandboxing.
Recommended defensive actions
- Update picklescan to version 0.0.30 or later
- Be cautious when loading pickle files from untrusted sources
- Implement additional security controls such as input validation and sandboxing
- Monitor for suspicious activity and consider implementing detection and response measures
- Consider using alternative serialization formats or libraries that are not vulnerable to this issue
Evidence notes
The CVE-2025-71344 vulnerability was identified in picklescan, a tool used for scanning pickle files. The vulnerability affects versions 0.0.26 and earlier, and was addressed in version 0.0.30. The CVE was published on June 22, 2026, and last modified on June 23, 2026. The CVSS score for this vulnerability is 7.6, and it is considered high severity. The vulnerability can be exploited remotely, and can be used to achieve code execution on a vulnerable system.
Official resources
This article is AI-assisted and based on the supplied source corpus.