Product
CVE-2025-71369: Picklescan Malicious Pickle Detection Bypass Leading to RCE
2 TTPs 1 CVEA critical vulnerability, CVE-2025-71369, in `picklescan` versions prior to 0.0.28 allows remote attackers to bypass safety checks for malicious Python pickle files that utilize specific `torch.utils.data.datapipes` methods, enabling undetected embedded malicious code to execute during deserialization, which results in remote code execution (RCE) on the victim's system.
CVE-2025-71366: Picklescan Deserialization Vulnerability Leads to RCE
2 TTPs 1 CVEA critical deserialization vulnerability (CVE-2025-71366) exists in picklescan versions prior to 0.0.28, allowing remote attackers to bypass safety checks by embedding malicious `torch.utils.bottleneck.__main__.run_cprofile` function calls in pickle files, leading to arbitrary code execution when victims load the crafted files.
CVE-2025-71356: picklescan Deserialization Vulnerability Leads to RCE
1 TTP 1 CVEA critical deserialization vulnerability (CVE-2025-71356) in `picklescan` versions prior to 0.0.28 allows attackers to embed undetected malicious code within Python pickle files, leading to remote code execution when these files are loaded by victims.
CVE-2025-71353: Picklescan Deserialization Vulnerability Leads to Remote Code Execution
1 TTP 1 CVE 2 IOCsPicklescan before version 0.0.28 contains a deserialization vulnerability where it fails to properly detect malicious pickle files. Attackers can craft these files with embedded code that exploits the `torch._dynamo.guards.GuardBuilder.get` function in reduce methods, leading to arbitrary command execution when loaded on a victim system.