Skip to content
Threat Feed

Product

Picklescan < 0.0.28

4 briefs RSS
high advisory

CVE-2025-71369: Picklescan Malicious Pickle Detection Bypass Leading to RCE

A critical vulnerability, CVE-2025-71369, in `picklescan` versions prior to 0.0.28 allows remote attackers to bypass safety checks for malicious Python pickle files that utilize specific `torch.utils.data.datapipes` methods, enabling undetected embedded malicious code to execute during deserialization, which results in remote code execution (RCE) on the victim's system.

picklescan < 0.0.28 python deserialization rce vulnerability supply-chain machine-learning
2t 1c
high advisory

CVE-2025-71366: Picklescan Deserialization Vulnerability Leads to RCE

A critical deserialization vulnerability (CVE-2025-71366) exists in picklescan versions prior to 0.0.28, allowing remote attackers to bypass safety checks by embedding malicious `torch.utils.bottleneck.__main__.run_cprofile` function calls in pickle files, leading to arbitrary code execution when victims load the crafted files.

picklescan < 0.0.28 cve vulnerability deserialization python picklescan
2t 1c
high advisory

CVE-2025-71356: picklescan Deserialization Vulnerability Leads to RCE

A critical deserialization vulnerability (CVE-2025-71356) in `picklescan` versions prior to 0.0.28 allows attackers to embed undetected malicious code within Python pickle files, leading to remote code execution when these files are loaded by victims.

picklescan < 0.0.28 deserialization python vulnerability rce machine-learning
1t 1c
high advisory

CVE-2025-71353: Picklescan Deserialization Vulnerability Leads to Remote Code Execution

Picklescan before version 0.0.28 contains a deserialization vulnerability where it fails to properly detect malicious pickle files. Attackers can craft these files with embedded code that exploits the `torch._dynamo.guards.GuardBuilder.get` function in reduce methods, leading to arbitrary command execution when loaded on a victim system.

picklescan < 0.0.28 deserialization rce python vulnerability CVE-2025-71353
1t 1c 2i