PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-71348 picklescan CVE debrief

CVE-2025-71348 is a high-severity vulnerability (CVSS score 7.6) affecting picklescan versions before 0.0.28. Those versions fail to flag pickle files whose __reduce__ payload invokes the torch.utils._config_module.load_config function, so an attacker can craft a pickle file that passes the scan yet runs arbitrary code when it is deserialized. In a supply chain setting, where a scan result is what decides whether a downloaded artifact is loaded, this amounts to remote code execution (RCE) on the loading system. The issue is concerning precisely because it defeats a detection control that affected systems rely on.

Vendor: picklescan
Product: Unknown
CVSS: HIGH 7.6
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-21
Original CVE updated: 2026-06-22
Advisory published: 2026-06-21
Advisory updated: 2026-06-22

Who should care

Organizations using picklescan versions before 0.0.28 should be aware of this vulnerability, especially those involved in the supply chain or using pickle files for deserialization. Developers and security teams responsible for maintaining and securing systems that utilize picklescan should prioritize updating to version 0.0.28 or later to mitigate this risk.

Technical summary

The vulnerability lies in the picklescan library, a scanner meant to detect malicious pickle files before they are loaded. Before 0.0.28, picklescan does not recognise pickle files whose __reduce__ methods call torch.utils._config_module.load_config as malicious. A pickle file built that way therefore passes the scan, but the embedded code still runs when the file is deserialized with pickle.load(). Because pickle deserialization executes whatever callables the file references, a scanner bypass of this kind translates directly into remote code execution (RCE) in supply chain attacks, and any system that deserializes third-party pickle files on the strength of a clean picklescan result is affected.

Defensive priority

High priority due to potential for remote code execution in supply chain attacks

Recommended defensive actions

  • Update picklescan to version 0.0.28 or later
  • Review and restrict the deserialization of pickle files
  • Implement additional security measures for supply chain protection
  • Monitor systems for suspicious pickle file activity
  • Inventory and assess the exposure of systems using affected picklescan versions
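Because this CVE is a scanner bypass, the technical summary above and the "review and restrict deserialization" action both point at the same defence in depth: do not rely on a denylist scan alone, but refuse any global the pickle tries to import unless it is explicitly allowlisted. The following is an added illustration written for this debrief, not code from picklescan or from the CVE references; it uses only the Python standard library, and its allowlist and sample pickles are constructed for the demo.

```python
import collections
import io
import pickle
import pickletools

# Constructed allowlist: a real deployment lists only the globals its own artifacts need.
DEFAULT_ALLOWED = {("builtins", "set"), ("builtins", "frozenset")}

def referenced_globals(data: bytes) -> set:
    """Statically list every (module, name) a pickle would import, without loading it."""
    found = set()
    recent = []  # last two string args; STACK_GLOBAL consumes them as (module, name)
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name == "GLOBAL":  # protocols 0-3: pickletools yields "module name"
            module, name = arg.split(" ", 1)
            found.add((module, name))
        elif opcode.name == "STACK_GLOBAL":  # protocol 4+: strings pushed just before
            found.add((recent[-2], recent[-1]))
        elif isinstance(arg, str):
            recent = (recent + [arg])[-2:]
    return found

class AllowlistUnpickler(pickle.Unpickler):
    """Resolves only allowlisted globals, whichever opcode (GLOBAL, STACK_GLOBAL, INST) asks."""
    def __init__(self, data: bytes, allowed: set):
        super().__init__(io.BytesIO(data))
        self.allowed = allowed

    def find_class(self, module, name):
        if (module, name) not in self.allowed:
            raise pickle.UnpicklingError(f"refusing to import {module}.{name}")
        return super().find_class(module, name)

def safe_load(data: bytes, allowed: set = DEFAULT_ALLOWED):
    """Load a pickle, failing closed on any global outside the allowlist."""
    return AllowlistUnpickler(data, allowed).load()

def demo() -> dict:
    """Constructed inputs: plain data, and an object whose pickle imports a benign global."""
    plain = pickle.dumps({"weights": [0.1, 0.2]})
    with_global = pickle.dumps(collections.OrderedDict(a=1), protocol=4)
    try:
        safe_load(with_global)
        refused = False
    except pickle.UnpicklingError:
        refused = True
    return {"plain_roundtrip": safe_load(plain) == {"weights": [0.1, 0.2]},
            "globals_seen": referenced_globals(with_global),
            "global_refused": refused}
```

The static pass is a triage aid only (it does not follow memo references such as BINGET); the find_class hook in safe_load is the enforcing control, since every global import during loading passes through it.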

Evidence notes

The primary evidence for this vulnerability comes from the CVE-2025-71348 record and the references provided by NVD and VulnCheck. The affected product is picklescan, specifically versions before 0.0.28. The vulnerability allows remote code execution by bypassing picklescan's detection of malicious pickle files. Defenders should verify the version of picklescan in use and update to 0.0.28 or later, and should review the official advisories and references for further details on mitigating this vulnerability.

Official resources

This article is AI-assisted and based on the supplied source corpus.