PatchSiren cyber security CVE debrief
CVE-2025-71345 picklescan CVE debrief
CVE-2025-71345 is a high-severity vulnerability in picklescan before version 0.0.30. It allows attackers to embed code in pickle files that the scanner does not detect and that executes during deserialization, enabling remote code execution. Its Common Vulnerability Scoring System (CVSS) score is 7.6, which is rated high. The vulnerability was published on July 4, 2026, and has not been modified since then. The CVE record and NVD detail pages provide more information about this vulnerability.
- Vendor: picklescan
- Product: Unknown
- CVSS: HIGH 7.6
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-07-04
- Original CVE updated: 2026-07-04
- Advisory published: 2026-07-04
- Advisory updated: 2026-07-04
Who should care
Organizations using picklescan before version 0.0.30 should be aware of this vulnerability and take steps to mitigate it. This includes upgrading to version 0.0.30 or later, and ensuring that all pickle files are properly validated before deserialization. Additionally, developers using picklescan in their applications should be cautious when deserializing pickle files from untrusted sources.
Technical summary
In picklescan before version 0.0.30, an attacker can embed code in a pickle file that invokes the torch.utils.bottleneck.__main__.run_autograd_prof function without the scanner detecting it. This code executes during deserialization, enabling remote code execution. The vulnerability has a CVSS score of 7.6 and is considered high-severity. The CVE record and NVD detail pages provide more information, including the CVSS vector and weaknesses.
Defensive priority
High priority should be given to upgrading picklescan to version 0.0.30 or later. Additionally, defenders should ensure that all pickle files are properly validated before deserialization, and that developers are cautious when deserializing pickle files from untrusted sources.
Recommended defensive actions
- Upgrade picklescan to version 0.0.30 or later
- Validate all pickle files before deserialization
- Be cautious when deserializing pickle files from untrusted sources
- Monitor for suspicious activity related to pickle file deserialization
- Implement additional security controls to prevent remote code execution
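One way to validate a pickle before deserialization, shown as an added example (not picklescan's code and not taken from the CVE record): walk the opcode stream with the standard library's pickletools and reject any file that imports a global outside an allowlist. ALLOWED_GLOBALS, the helper names and both sample byte strings are assumptions constructed for illustration.

```python
import io
import pickle
import pickletools
from collections import OrderedDict

# Assumption: the only globals this application expects in its pickles.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}
# Function named in the CVE-2025-71345 description.
CVE_GLOBAL = ("torch.utils.bottleneck.__main__", "run_autograd_prof")
STRING_PUSH = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}
UNRESOLVED = ("<unresolved>", "<unresolved>")


def referenced_globals(data: bytes) -> set:
    """List (module, name) pairs a pickle would import, without loading it."""
    found, prev = set(), []  # prev: (opcode name, arg) of earlier opcodes
    for opcode, arg, _pos in pickletools.genops(io.BytesIO(data)):
        if opcode.name == "MEMOIZE":
            continue  # does not change the stack, so ignore it
        if opcode.name in ("GLOBAL", "INST"):
            module, _, name = arg.partition(" ")
            found.add((module, name))
        elif opcode.name == "STACK_GLOBAL":
            last_two = prev[-2:]
            if len(last_two) == 2 and all(n in STRING_PUSH for n, _ in last_two):
                found.add((last_two[0][1], last_two[1][1]))
            else:
                # Names were not pushed directly (e.g. fetched from the memo):
                # fail closed rather than guess.
                found.add(UNRESOLVED)
        prev.append((opcode.name, arg))
    return found


def is_safe_to_load(data: bytes) -> bool:
    """True only if every referenced global is on the allowlist."""
    try:
        return referenced_globals(data) <= ALLOWED_GLOBALS
    except Exception:
        return False  # malformed or truncated stream


# Constructed samples: a benign pickle and a bare GLOBAL reference (no call).
BENIGN = pickle.dumps(OrderedDict(a=1), protocol=4)
FLAGGED = "c{}\n{}\n.".format(*CVE_GLOBAL).encode()
```

The samples are only parsed, never passed to pickle.loads. An allowlist rejects the global named in this CVE without having to know about it in advance.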
Evidence notes
The vulnerability has a CVSS score of 7.6 and is considered high-severity. The weakness associated with this vulnerability is CWE-502. The CVE record and NVD detail pages provide more information, including the CVSS vector and references related to this vulnerability.
Official resources
This article is AI-assisted and based on the supplied source corpus.