PatchSiren cyber security CVE debrief
CVE-2025-71353 picklescan CVE debrief
CVE-2025-71353 is a high-severity vulnerability in picklescan before version 0.0.28. The vulnerability allows attackers to craft malicious pickle files that evade detection by picklescan and execute arbitrary commands when loaded. The vulnerability is caused by picklescan's failure to detect malicious pickle files that exploit the torch._dynamo.guards.GuardBuilder.get function in reduce methods. This vulnerability has a CVSS score of 7.6 and is classified as HIGH severity. The CVE was published on July 4, 2026.
- Vendor: picklescan
- Product: Unknown
- CVSS: HIGH 7.6
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-07-04
- Original CVE updated: 2026-07-04
- Advisory published: 2026-07-04
- Advisory updated: 2026-07-04
Who should care
Developers and users of picklescan before version 0.0.28 should be aware of this vulnerability and take steps to mitigate it. This includes updating to version 0.0.28 or later, and being cautious when loading pickle files from untrusted sources. Additionally, users of torch._dynamo.guards.GuardBuilder should be aware of the potential for malicious pickle files to evade detection.
Technical summary
In picklescan before version 0.0.28, attackers can craft malicious pickle files that exploit the torch._dynamo.guards.GuardBuilder.get function in reduce methods. picklescan fails to detect such files, so they pass the scan, and when loaded they can execute arbitrary commands. The vulnerability has a CVSS score of 7.6 and is classified as HIGH severity.
Defensive priority
High priority should be given to updating picklescan to version 0.0.28 or later. Additionally, users should be cautious when loading pickle files from untrusted sources and consider implementing additional security measures to detect and prevent malicious pickle files.
Recommended defensive actions
- Update picklescan to version 0.0.28 or later
- Be cautious when loading pickle files from untrusted sources
- Implement additional security measures to detect and prevent malicious pickle files
- Monitor for suspicious activity related to pickle files
- Consider implementing compensating controls to detect and prevent malicious pickle files
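One form a compensating control can take, as an added example (not picklescan's code and not part of the original advisory): list every global a pickle stream references without loading it, and accept only names on an allowlist, so a name the scanner has never heard of is rejected rather than passed. The allowlist, the denylist contents and the sample byte strings are constructed assumptions; the sample only names the function from this CVE and is never unpickled.

```python
import collections
import pickle
import pickletools

# Assumption: the only global this pipeline legitimately needs.
ALLOWED_GLOBALS = {"collections.OrderedDict"}
# Constructed stand-in for a signature denylist; not picklescan's real list.
DENIED_GLOBALS = {"os.system", "posix.system", "subprocess.Popen", "builtins.eval"}
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}
MEMO_WRITES = {"MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"}


def referenced_globals(data: bytes) -> set:
    """List every import a pickle stream requests, without ever loading it."""
    found, recent = set(), []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):
            found.add(arg.replace(" ", ".", 1))  # arg is "module name"
        elif op.name == "STACK_GLOBAL":
            # Resolve only when both operands are literal strings pushed just
            # before; anything else (memo reads, etc.) fails closed.
            literal = len(recent) == 2 and all(n in STRING_OPS for n, _ in recent)
            found.add(".".join(a for _, a in recent) if literal else "<unresolved>")
        if op.name not in MEMO_WRITES:
            recent = (recent + [(op.name, arg)])[-2:]
    return found


def denylist_verdict(data: bytes) -> str:
    return "flagged" if referenced_globals(data) & DENIED_GLOBALS else "clean"


def allowlist_verdict(data: bytes) -> str:
    return "clean" if referenced_globals(data) <= ALLOWED_GLOBALS else "flagged"


def _short_str(text: str) -> bytes:
    return b"\x8c" + bytes([len(text)]) + text.encode()  # SHORT_BINUNICODE


BENIGN = pickle.dumps(collections.OrderedDict(a=1), protocol=4)
# Constructed sample: a bare reference to the name from this CVE (PROTO 4,
# two strings, STACK_GLOBAL, STOP). It carries no call and is never unpickled.
GADGET_REF = (b"\x80\x04" + _short_str("torch._dynamo.guards")
              + _short_str("GuardBuilder.get") + b"\x93.")

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("gadget reference", GADGET_REF)):
        print(label, sorted(referenced_globals(blob)),
              "denylist:", denylist_verdict(blob),
              "allowlist:", allowlist_verdict(blob))
```

The same allowlist can be enforced at load time by overriding `pickle.Unpickler.find_class`, which is the mechanism the Python documentation describes for restricting globals.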
Evidence notes
The evidence for this vulnerability comes from the CVE record and the NVD detail page. The CVE record provides information on the vulnerability, including its CVSS score and severity. The NVD detail page provides additional information on the vulnerability, including its description and references.
This article is AI-assisted and based on the supplied source corpus.