Product
high
advisory
CVE-2025-71360: Picklescan RCE via Undetected Malicious Pickle Files
2 TTPs 1 CVEA high-severity deserialization of untrusted data vulnerability (CVE-2025-71360) in picklescan versions before 0.0.29 allows attackers to embed undetected remote command execution code within malicious pickle files, leading to arbitrary code execution when loaded by victims.
picklescan < 0.0.29
deserialization
rce
vulnerability
python
2t
1c
high
advisory
CVE-2025-71359: Picklescan Deserialization RCE Bypass
2 TTPs 1 CVEPicklescan versions prior to 0.0.29 are vulnerable to remote code execution (CVE-2025-71359) due to a failure in detecting malicious Python pickle payloads that utilize `lib2to3.pgen2.grammar.Grammar.loads`, allowing attackers to craft files that evade detection and execute arbitrary code during deserialization.
picklescan < 0.0.29
remote-code-execution
deserialization
python
vulnerability
supply-chain
2t
1c