PatchSiren

CVE-2025-71345 picklescan CVE debrief

CVE-2025-71345 is a high-severity vulnerability in picklescan before version 0.0.30. Affected versions fail to detect certain code embedded in a pickle file, so the code goes unflagged and executes when the file is deserialized, enabling remote code execution. The Common Vulnerability Scoring System (CVSS) score is 7.6, which is rated high. The vulnerability was published on July 4, 2026, and has not been modified since then. The CVE record and NVD detail pages provide more information.

Vendor: picklescan
Product: Unknown
CVSS: HIGH 7.6
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-07-04
Original CVE updated: 2026-07-04
Advisory published: 2026-07-04
Advisory updated: 2026-07-04

Who should care

Organizations using picklescan before version 0.0.30 should upgrade to version 0.0.30 or later and ensure that all pickle files are validated before deserialization. Developers using picklescan in their applications should also be cautious when deserializing pickle files from untrusted sources.

Technical summary

In picklescan before version 0.0.30, an attacker can embed code in a pickle file that invokes the torch.utils.bottleneck.__main__.run_autograd_prof function without the scan detecting it. The code executes during deserialization, enabling remote code execution. The vulnerability has a CVSS score of 7.6 and is considered high-severity. The CVE record and NVD detail pages provide more information, including the CVSS vector and weaknesses.

Defensive priority

High priority should be given to upgrading picklescan to version 0.0.30 or later. Additionally, defenders should ensure that all pickle files are properly validated before deserialization, and that developers are cautious when deserializing pickle files from untrusted sources.

Recommended defensive actions

  • Upgrade picklescan to version 0.0.30 or later
  • Validate all pickle files before deserialization
  • Be cautious when deserializing pickle files from untrusted sources
  • Monitor for suspicious activity related to pickle file deserialization
  • Implement additional security controls to prevent remote code execution
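
One way to validate a pickle before deserialization, shown as an added example (not picklescan's code and not from the advisory): list every global the stream would import, using the standard library's pickletools without loading anything, and reject whatever is not on an allowlist. It goes beyond the single function named above by failing closed on any unlisted or unresolvable import; the allowlist contents and the names referenced_globals and violations are assumptions made for the illustration.

```python
import collections
import pickle
import pickletools

# Assumption: example allowlist; list only the globals your own artifacts need.
ALLOWED = {("collections", "OrderedDict")}
UNRESOLVED = ("<unresolved>", "<unresolved>")
STRING_PUSH = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
               "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}

def referenced_globals(data: bytes) -> list:
    """List the (module, name) imports a pickle requests, without loading it."""
    found, tail, memo = [], [], {}   # tail mirrors the top of the pickle stack
    for op, arg, _pos in pickletools.genops(data):
        name = op.name
        if name in STRING_PUSH:
            tail.append(arg)
        elif name == "MEMOIZE":
            memo[len(memo)] = tail[-1] if tail else None
        elif name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = tail[-1] if tail else None
        elif name in ("GET", "BINGET", "LONG_BINGET"):
            tail.append(memo.get(arg))
        else:
            if name in ("GLOBAL", "INST"):        # text form: "module name"
                found.append(tuple(arg.split(" ", 1)))
            elif name == "STACK_GLOBAL":          # module and name come off the stack
                pair = tuple(tail[-2:])
                ok = len(pair) == 2 and all(isinstance(s, str) for s in pair)
                found.append(pair if ok else UNRESOLVED)
            elif name in ("EXT1", "EXT2", "EXT4"):  # copyreg extension codes
                found.append(UNRESOLVED)
            tail = []                             # any other opcode: stop tracking
    return found

def violations(data: bytes, allowed=ALLOWED) -> list:
    """Globals outside the allowlist; a stream that fails to parse is rejected too."""
    try:
        return [g for g in referenced_globals(data) if g not in allowed]
    except Exception:
        return [UNRESOLVED]

# Constructed sample: a bare reference to the function named in the advisory.
# It has no call opcode or arguments and is only parsed here, never loaded.
SAMPLE = b"ctorch.utils.bottleneck.__main__\nrun_autograd_prof\n."
BENIGN = pickle.dumps(collections.OrderedDict(a=1), protocol=4)

if __name__ == "__main__":
    print(violations(SAMPLE), violations(BENIGN))
```

Call pickle.loads only when violations() returns an empty list.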

Evidence notes

The weakness associated with this vulnerability is CWE-502. The vulnerability has a CVSS score of 7.6 and is considered high-severity. The CVE record and NVD detail pages provide more information, including the CVSS vector and related references.

Official resources

This article is AI-assisted and based on the supplied source corpus.