PatchSiren


CVE-2025-71357 picklescan CVE debrief

CVE-2025-71357 is a high-severity detection-bypass vulnerability in picklescan before version 0.0.30. picklescan is a static scanner meant to flag dangerous pickle files before they are deserialized; affected versions fail to flag a pickle whose `__reduce__` payload resolves to idlelib.pyshell.ModifiedInterpreter.runcommand, so a file that passes the scan still executes attacker-chosen commands when a victim loads it. The record carries a CVSS score of 7.6 (HIGH) and is mapped to CWE-502. It was published on June 21, 2026 and updated the following day. The stored evidence names picklescan as the vendor but does not name a distinct product; Vulncheck confirms the vulnerability. Defenders should update picklescan and, more importantly, should not treat a clean scan as proof that a pickle is safe to load.

Vendor
picklescan
Product
Unknown
CVSS
HIGH 7.6
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-21
Original CVE updated
2026-06-22
Advisory published
2026-06-21
Advisory updated
2026-06-22

Who should care

Anyone who runs picklescan before version 0.0.30 as a gate on untrusted pickle files should care: ML engineers pulling model checkpoints from public hubs, security teams that wired the scanner into CI or artifact ingestion, and platform operators who load serialized objects supplied by users. A bypass makes the control fail silently, so the risk is concentrated wherever a passing scan is the only thing standing between a downloaded file and a pickle.load() call, and the outcome of that call is code execution in the loading process.

Technical summary

CVE-2025-71357 affects picklescan before version 0.0.30. picklescan inspects a pickle stream for references to known-dangerous globals rather than executing it; affected versions do not flag idlelib.pyshell.ModifiedInterpreter.runcommand, so a pickle whose `__reduce__` result names that method as the callable is reported clean. When the victim unpickles the file, the pickle virtual machine imports the module, resolves the method and calls it with the attacker-supplied arguments, which gives command execution in the loading process. The weakness is classed as CWE-502 (deserialization of untrusted data) and scored CVSS 7.6 (HIGH); the attack vector is network-based, since the file typically arrives as a downloaded artifact, and the attack complexity is low. The gadget is one of a family: any importable callable that the scanner's list omits produces the same outcome, which is why adding one more name to the list closes this CVE but not the class of bug.

Defensive priority

High priority due to potential for remote code execution

Recommended defensive actions

  • Inventory systems using picklescan and verify that version 0.0.30 or later is installed wherever the scanner runs (CI jobs, ingestion pipelines, developer workstations)
  • Review and apply official patches or updates for picklescan, then re-scan artifacts that were admitted on the strength of an older version's verdict
  • Implement compensating controls that do not depend on the scanner's list: load pickles only through an Unpickler whose find_class enforces an allowlist of the globals the loader actually expects, or move to a data-only serialization format that does not execute code on load
  • Review and update secure coding practices for handling pickle files: never pickle.load() untrusted input directly, and treat a scanner verdict as a signal rather than a guarantee
  • Monitor systems that deserialize pickles for unexpected module imports, child processes or network connections originating from model-loading or deserialization services
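As an added illustration for the technical summary and the compensating-control item above (this is not picklescan's code, and it does not build the real idlelib gadget), the following Python shows the class of failure behind this CVE and the control that sidesteps it: a static walk of the pickle opcodes that lists every global the stream would import, a constructed denylist that misses the demo gadget the way affected picklescan missed the idlelib method, and an allowlist-enforcing Unpickler that refuses the file regardless of which callable it names. The demo gadget calls os.getenv, a harmless stand-in; the denylist and allowlist contents are assumptions for the demo, not picklescan's actual list.

```python
"""Audit which globals a pickle references, then load it through an allowlist.
Added example for this debrief; the denylist is illustrative, not picklescan's."""
import io
import os
import pickle
import pickletools

# Opcodes that push a str; STACK_GLOBAL (protocol 4+) pops two of them as
# (module, name). Older protocols use GLOBAL with both names inline.
_STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
               "STRING", "BINSTRING", "SHORT_BINSTRING"}
# Opcodes that leave the stack unchanged; the pickler interleaves MEMOIZE
# with the strings, so they must not break the (module, name) pairing.
_NO_STACK_EFFECT = {"MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT", "PROTO", "FRAME"}


def referenced_globals(data):
    """Return the set of (module, name) pairs the pickle would import, found by
    walking opcodes, never by executing the stream. A STACK_GLOBAL whose operands
    are not literal strings (e.g. memo lookups) is reported as ("?", "?") so an
    allowlist check fails closed."""
    found = set()
    recent = []  # last two stack-affecting opcodes as (name, arg)
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in _NO_STACK_EFFECT:
            continue
        if opcode.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.add((module, name))
        elif opcode.name == "STACK_GLOBAL":
            if len(recent) == 2 and all(op in _STRING_OPS for op, _ in recent):
                found.add((recent[0][1], recent[1][1]))
            else:
                found.add(("?", "?"))
        recent = (recent + [(opcode.name, arg)])[-2:]
    return found


def denylist_hits(data, denylist):
    """What a list-of-bad-names scanner reports: anything not listed passes."""
    return referenced_globals(data) & denylist


def allowlist_violations(data, allowlist):
    """What an allowlist reports: anything not expected is flagged."""
    return referenced_globals(data) - allowlist


class AllowlistUnpickler(pickle.Unpickler):
    """Unpickler that resolves only globals on an explicit allowlist."""

    def __init__(self, file, allowlist):
        super().__init__(file)
        self._allowlist = allowlist

    def find_class(self, module, name):
        if (module, name) not in self._allowlist:
            raise pickle.UnpicklingError(f"forbidden global {module}.{name}")
        return super().find_class(module, name)


def safe_loads(data, allowlist):
    return AllowlistUnpickler(io.BytesIO(data), allowlist).load()


def is_refused(data, allowlist):
    """True if the allowlist unpickler rejects the stream."""
    try:
        safe_loads(data, allowlist)
    except pickle.UnpicklingError:
        return True
    return False


class _Gadget:
    """Constructed demo object: its __reduce__ makes the unpickler call
    os.getenv(...) at load time. A real payload names any importable callable."""

    def __reduce__(self):
        return (os.getenv, ("PATCHSIREN_DEMO_VAR", "callable ran at load time"))


def make_demo_payload(protocol=4):
    return pickle.dumps(_Gadget(), protocol=protocol)


def benign_payload():
    return pickle.dumps({"weights": [0.1, 0.2], "epoch": 3})


def unsafe_loads(data):
    """Plain pickle.loads: runs whatever callable the stream names."""
    return pickle.loads(data)


# Illustrative denylist (assumption, not picklescan's list). The demo gadget is
# absent from it, just as the idlelib method was absent before 0.0.30.
DEMO_DENYLIST = {("os", "system"), ("subprocess", "Popen"), ("builtins", "eval")}
# Allowlist for a loader that only ever expects plain data: no globals at all.
DATA_ONLY_ALLOWLIST = set()

if __name__ == "__main__":
    payload = make_demo_payload()
    print("references:", referenced_globals(payload))
    print("denylist hits:", denylist_hits(payload, DEMO_DENYLIST))
    print("allowlist violations:", allowlist_violations(payload, DATA_ONLY_ALLOWLIST))
    print("pickle.loads returned:", unsafe_loads(payload))
    print("allowlist unpickler refused:", is_refused(payload, DATA_ONLY_ALLOWLIST))
    print("benign data loaded:", safe_loads(benign_payload(), DATA_ONLY_ALLOWLIST))
```

The denylist check returns nothing for the demo payload while plain pickle.loads still runs the callable; the allowlist check and the allowlist-enforcing Unpickler both catch it without knowing the gadget's name in advance. In a real loader the allowlist is the set of classes the expected object graph legitimately needs (a handful of framework types), and anything the static walk cannot resolve is treated as a violation rather than ignored.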

Evidence notes

The primary evidence for this vulnerability comes from Vulncheck and the NVD, which agree that picklescan before version 0.0.30 is affected; the CVE record and NVD detail supply the CWE-502 mapping and the CVSS score. The stored evidence lists picklescan as the vendor without naming a separate product, and it contains no CISA KEV entry for this CVE. Defenders should check the official sources for the most current status before relying on the figures reproduced here.

Official resources

This article is AI-assisted and based on the supplied source corpus.