PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-71364 picklescan CVE debrief

CVE-2025-71364 is a high-severity vulnerability in picklescan, a Python library that scans pickle files for references to callables that would lead to arbitrary code execution when the file is loaded. picklescan before version 0.0.30 does not recognise asyncio.unix_events._UnixSubprocessTransport._start when it appears as the callable of a pickle reduce payload. A remote attacker who can supply a pickle file can therefore name this standard-library method, whose body calls subprocess.Popen, so that picklescan reports the file as clean while pickle.load still runs an attacker-chosen command. The vulnerability has a CVSS score of 7.6 and is classified as HIGH severity. The CVE record was published on 2026-07-04T02:16:22.583Z and has not been modified since then.

Vendor
picklescan
Product
Unknown
CVSS
HIGH 7.6
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-04
Original CVE updated
2026-07-04
Advisory published
2026-07-04
Advisory updated
2026-07-04

Who should care

Anyone who runs picklescan as a gate in front of pickle.load to vet pickle files before loading them should upgrade to version 0.0.30 or later; until then a file that passes the scan can still execute attacker-chosen commands on load. Developers who deserialize pickle data from outside their trust boundary should treat this as a reminder that a scanner matching known-bad names is a last line of defence, not a substitute for refusing untrusted pickles. Security teams that track the organisation's Python dependencies should add this CVE to their patch queue and rescan artefacts that an older picklescan accepted.

Technical summary

Pickle is a stack-machine serialization format: GLOBAL and STACK_GLOBAL opcodes import a callable by module and name, and a REDUCE opcode calls it with arguments taken from the stack. An object's __reduce__ method is how it declares that callable and those arguments, which is why loading a pickle from an untrusted source is equivalent to running code the author chose. picklescan works by inspecting the callables named in such reduce payloads and comparing them against a list of names known to be dangerous. asyncio.unix_events._UnixSubprocessTransport._start is not a built-in function but a private method of the standard library's asyncio.unix_events module; its body hands the supplied args and shell flag to subprocess.Popen, so a reduce payload that names it with suitable arguments spawns an attacker-controlled process. Before version 0.0.30 that name was absent from picklescan's list, so a pickle using it scanned as clean yet still executed the command on load. Because the check is a denylist, it can only ever be as complete as the names it knows, and the standard library contains many callables that can be chained in this way; a clean scan is therefore evidence of absence of known gadgets, not proof that a file is safe. The vulnerability has a CVSS score of 7.6, indicating a high severity level.
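The following is an added example for this debrief, not picklescan's own code, showing at opcode level what a scanner sees. It constructs two pickles, a benign datetime.date and one whose sole content is a GLOBAL reference to the method named in the CVE (no REDUCE follows, so it is inert and is never loaded), lists the globals each references using pickletools, and checks them against two illustrative denylists, one without the name and one with it. The denylists are stand-ins, not picklescan's real list, and referenced_globals and denylist_hits are names chosen for this example.

```python
"""Opcode-level view of which globals a pickle references, without loading it.

Added example for this debrief, not picklescan's own code.  Both sample pickles
are constructed here: one benign, one that does nothing but reference the
asyncio method named in CVE-2025-71364 (no REDUCE follows, so it is inert and
is never passed to pickle.loads).  The denylists are illustrative stand-ins,
not picklescan's actual list.
"""
import datetime
import io
import pickle
import pickletools

# Constructed sample inputs.
BENIGN_PICKLE = pickle.dumps(datetime.date(2026, 7, 4), protocol=4)
GADGET_PICKLE = (
    b"\x80\x02"                                                 # PROTO 2
    b"casyncio.unix_events\n_UnixSubprocessTransport._start\n"  # GLOBAL module, name
    b"."                                                        # STOP
)

# Stand-in denylists: one that lacks the name, and the same list with it added.
DENYLIST_BEFORE = {("os", "system"), ("subprocess", "Popen"), ("builtins", "eval")}
DENYLIST_AFTER = DENYLIST_BEFORE | {
    ("asyncio.unix_events", "_UnixSubprocessTransport._start")
}

# Opcodes that push a str; STACK_GLOBAL pops two of them (name, then module).
_STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
               "STRING", "BINSTRING", "SHORT_BINSTRING"}


def referenced_globals(data):
    """Return [(module, qualname), ...] the pickle would resolve via find_class.

    Walks the opcode stream with pickletools.genops; nothing is executed.  A
    minimal stack model (string pushes plus memo put/get) is enough to recover
    the two operands of STACK_GLOBAL, which the pickler always pushes right
    before it.  This is a demonstration, not a complete pickle virtual machine.
    """
    found = []
    strings = []        # str values pushed and not yet consumed by STACK_GLOBAL
    memo = {}           # memo slot -> value (only str slots matter here)
    last_pushed = None  # what the most recent opcode left on top of the stack
    next_memo = 0       # MEMOIZE assigns slots sequentially
    for opcode, arg, _pos in pickletools.genops(io.BytesIO(data)):
        name = opcode.name
        if name in _STRING_OPS:
            strings.append(arg)
            last_pushed = arg
        elif name == "MEMOIZE":
            memo[next_memo] = last_pushed
            next_memo += 1
        elif name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = last_pushed
        elif name in ("GET", "BINGET", "LONG_BINGET"):
            last_pushed = memo.get(arg)
            if isinstance(last_pushed, str):
                strings.append(last_pushed)
        elif name == "GLOBAL":                 # text form: "module qualname"
            module, qualname = arg.split(" ", 1)
            found.append((module, qualname))
            last_pushed = None
        elif name == "STACK_GLOBAL":
            if len(strings) < 2:
                raise ValueError("malformed STACK_GLOBAL: treat file as hostile")
            qualname = strings.pop()
            module = strings.pop()
            found.append((module, qualname))
            last_pushed = None
        else:
            last_pushed = None
    return found


def denylist_hits(data, denylist):
    """Denylist matching as a scanner does it: only names already on the list fire."""
    return [ref for ref in referenced_globals(data) if ref in denylist]


if __name__ == "__main__":
    print("benign references:", referenced_globals(BENIGN_PICKLE))
    print("gadget references:", referenced_globals(GADGET_PICKLE))
    print("hits, list without the name:", denylist_hits(GADGET_PICKLE, DENYLIST_BEFORE))
    print("hits, list with the name:   ", denylist_hits(GADGET_PICKLE, DENYLIST_AFTER))
```

The gadget pickle produces no hits against the first list and one hit against the second, which is the whole shape of this CVE: the file did not change, only the scanner's knowledge of one name did. Anything a practitioner wants caught must either be on the list or be rejected by a policy that does not depend on the list at all.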

Defensive priority

Upgrade picklescan to version 0.0.30 or later so that reduce payloads naming asyncio.unix_events._UnixSubprocessTransport._start are reported. Treat the scanner as one layer only: it matches against a list of known-dangerous callables, so any name not yet on that list passes. Do not load pickle data from untrusted sources at all, or load it only through an Unpickler whose find_class resolves an explicit allowlist of globals; restrict who can write to the locations pickle files are loaded from; and monitor the loading process for unexpected child processes, since this gadget ends in subprocess.Popen.

Recommended defensive actions

  • Upgrade picklescan to version 0.0.30 or later, and pin that minimum in requirements and CI so an older build cannot reintroduce the gap
  • Do not attempt to sanitize pickle data; treat any pickle from outside the trust boundary as executable code and refuse it, or load it only through an Unpickler whose find_class permits an explicit allowlist of globals
  • Restrict read and write access to the directories pickle files are loaded from so an attacker cannot plant or replace one
  • Monitor processes that load pickles for unexpected child processes, since this gadget ends in subprocess.Popen
  • Sign pickle artefacts at build time and verify the signature before loading; rescan artefacts that an older picklescan accepted
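An added example of the allowlist approach recommended above, not code from picklescan. It follows the "Restricting Globals" pattern in the Python pickle documentation: Unpickler.find_class is overridden so that only (module, name) pairs on an application-specific allowlist resolve, and a constructed pickle whose sole content is a GLOBAL reference to the method named in the CVE is refused regardless of whether any scanner knows that name. ALLOWED_GLOBALS, the two sample pickles and the names RestrictedUnpickler, safe_loads and demo are assumptions of the example.

```python
"""Allowlist unpickling: refuse any global not explicitly permitted.

Added example, not picklescan's code.  picklescan works from a denylist of
dangerous callables, and CVE-2025-71364 is a name that list was missing.  The
loader below inverts the model, following the "Restricting Globals" pattern in
the Python pickle documentation: Unpickler.find_class is overridden so that only
(module, name) pairs on an application-specific allowlist resolve; any other
reference, including the asyncio method named in the CVE, raises before any
object is built or any callable is invoked.  ALLOWED_GLOBALS and the two sample
pickles are constructed for the example.
"""
import datetime
import io
import pickle

# The globals this application expects in its own pickles; nothing else loads.
ALLOWED_GLOBALS = {
    ("datetime", "date"),
    ("collections", "OrderedDict"),
}

# Constructed sample inputs: a benign pickle and one whose only content is a
# GLOBAL reference to the method named in the CVE (no REDUCE, so it is inert).
BENIGN_PICKLE = pickle.dumps(datetime.date(2026, 7, 4), protocol=4)
GADGET_PICKLE = b"\x80\x02casyncio.unix_events\n_UnixSubprocessTransport._start\n."


class RestrictedUnpickler(pickle.Unpickler):
    """Resolve only allowlisted globals; everything else is refused."""

    def find_class(self, module, name):
        # `name` is the full dotted attribute path the pickle asked for, e.g.
        # "_UnixSubprocessTransport._start", so the check covers nested lookups
        # and cannot be sidestepped by reaching a method through its class.
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refused global {module}.{name}")


def safe_loads(data):
    """Drop-in replacement for pickle.loads that enforces the allowlist."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demo():
    """Return what the allowlist loader does with each sample input."""
    results = {"benign": safe_loads(BENIGN_PICKLE)}
    try:
        safe_loads(GADGET_PICKLE)
        results["gadget"] = "loaded"          # must never happen
    except pickle.UnpicklingError as exc:
        results["gadget"] = str(exc)
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label}: {outcome!r}")
```

The refusal happens inside find_class, before the unpickler has built any object or reached a REDUCE, so the attacker's choice of callable never matters. The cost is that the allowlist must name every class an application legitimately pickles, which is exactly the inventory a team should have before it loads pickle data at all.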

Evidence notes

The stored evidence is the CVE record, published on 2026-07-04T02:16:22.583Z and not modified since, which assigns a CVSS score of 7.6 (HIGH) and states that picklescan before version 0.0.30 fails to detect asyncio.unix_events._UnixSubprocessTransport._start in pickle reduce methods. No CISA KEV listing is present in the stored evidence.

Official resources

This article is AI-assisted and based on the supplied source corpus.