{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/picklescan--0.0.29/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.1,"id":"CVE-2025-71360"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["picklescan \u003c 0.0.29"],"_cs_severities":["high"],"_cs_tags":["deserialization","rce","vulnerability","python"],"_cs_type":"advisory","_cs_vendors":["picklescan"],"content_html":"\u003cp\u003eCVE-2025-71360 describes a critical deserialization vulnerability impacting \u003ccode\u003epicklescan\u003c/code\u003e versions prior to 0.0.29, a Python library designed to detect malicious code within Python pickle files. Specifically, the flaw lies in \u003ccode\u003epicklescan\u003c/code\u003e's failure to detect malicious code embedded using the \u003ccode\u003eidlelib.calltip.get_entity\u003c/code\u003e function within pickle reduce methods. This oversight allows attackers to craft specially designed pickle files containing arbitrary Python code that bypasses \u003ccode\u003epicklescan\u003c/code\u003e's security checks. When a victim subsequently loads such a malicious pickle file, the embedded code is executed, enabling remote command execution (RCE) on the affected system. This vulnerability poses a significant risk to applications that process or scan untrusted pickle files, as it effectively nullifies the security benefits \u003ccode\u003epicklescan\u003c/code\u003e is intended to provide.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious Python pickle file containing arbitrary code, leveraging the \u003ccode\u003eidlelib.calltip.get_entity\u003c/code\u003e function within the pickle's \u003ccode\u003e__reduce__\u003c/code\u003e method to embed their payload.\u003c/li\u003e\n\u003cli\u003eThe attacker distributes this specially crafted pickle file to a target system, potentially through email attachments, untrusted file downloads, or as part of a compromised data exchange.\u003c/li\u003e\n\u003cli\u003eA victim receives and attempts to process or scan the untrusted pickle file using an affected version of the \u003ccode\u003epicklescan\u003c/code\u003e library (prior to 0.0.29).\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003epicklescan\u003c/code\u003e library, when performing its security checks, fails to correctly identify and flag the malicious code embedded via \u003ccode\u003eidlelib.calltip.get_entity\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe malicious pickle file is then loaded or deserialized by a Python application or script on the victim's system.\u003c/li\u003e\n\u003cli\u003eDuring the deserialization process, the embedded code within the pickle file executes, leading to arbitrary remote command execution on the victim's system, granting the attacker control.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2025-71360 leads to arbitrary remote code execution on the victim's system. This can result in complete system compromise, allowing attackers to install malware, exfiltrate sensitive data, establish persistence, or pivot to other systems within the network. Organizations relying on \u003ccode\u003epicklescan\u003c/code\u003e for validating untrusted data could be unknowingly processing malicious content, leading to widespread compromise. The direct impact is the subversion of a security control, enabling attackers to bypass detection and execute their payloads.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately update \u003ccode\u003epicklescan\u003c/code\u003e to version 0.0.29 or newer to remediate CVE-2025-71360.\u003c/li\u003e\n\u003cli\u003eImplement strict controls around the handling and loading of Python pickle files, treating all external or untrusted pickle files as potentially malicious.\u003c/li\u003e\n\u003cli\u003eEducate users and developers on the dangers of deserializing untrusted data and the importance of using secure deserialization alternatives or strict validation.\u003c/li\u003e\n\u003cli\u003eConsider deploying application-level sandboxing or isolation for processes that handle pickle file deserialization to limit the impact of potential RCE.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-04T02:24:27Z","date_published":"2026-07-04T02:24:27Z","id":"https://feed.craftedsignal.io/briefs/2026-07-cve-2025-71360-picklescan-rce/","summary":"A high-severity deserialization of untrusted data vulnerability (CVE-2025-71360) in picklescan versions before 0.0.29 allows attackers to embed undetected remote command execution code within malicious pickle files, leading to arbitrary code execution when loaded by victims.","title":"CVE-2025-71360: Picklescan RCE via Undetected Malicious Pickle Files","url":"https://feed.craftedsignal.io/briefs/2026-07-cve-2025-71360-picklescan-rce/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.1,"id":"CVE-2025-71359"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["picklescan \u003c 0.0.29"],"_cs_severities":["high"],"_cs_tags":["remote-code-execution","deserialization","python","vulnerability","supply-chain"],"_cs_type":"advisory","_cs_vendors":["mmaitre314"],"content_html":"\u003cp\u003eThis brief addresses CVE-2025-71359, a high-severity vulnerability impacting \u003ccode\u003epicklescan\u003c/code\u003e versions before 0.0.29. The \u003ccode\u003epicklescan\u003c/code\u003e library, designed to detect malicious Python pickle payloads, fails to identify specific evasion techniques. Specifically, attackers can craft pickle files that embed dangerous code by leveraging \u003ccode\u003elib2to3.pgen2.grammar.Grammar.loads\u003c/code\u003e within the \u003ccode\u003e__reduce__\u003c/code\u003e method. These specially crafted payloads bypass \u003ccode\u003epicklescan\u003c/code\u003e's scrutiny. When an application subsequently deserializes such an untrusted pickle file using Python's \u003ccode\u003epickle.load()\u003c/code\u003e, the embedded malicious code executes on the host system. This remote code execution (RCE) can grant attackers significant control over the compromised environment, allowing for data exfiltration, system modification, or further network penetration. The vulnerability highlights the inherent risks of deserializing untrusted data and the need for robust validation mechanisms.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eCraft Malicious Pickle Payload\u003c/strong\u003e: An attacker crafts a Python pickle file (\u003ccode\u003e.pkl\u003c/code\u003e) embedding arbitrary code, specifically utilizing \u003ccode\u003elib2to3.pgen2.grammar.Grammar.loads\u003c/code\u003e within the \u003ccode\u003e__reduce__\u003c/code\u003e method to achieve RCE.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEvade Security Scanner\u003c/strong\u003e: The crafted malicious payload is designed to exploit the flaw in \u003ccode\u003epicklescan\u003c/code\u003e versions prior to 0.0.29, allowing it to bypass its detection mechanisms.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDelivery of Malicious File\u003c/strong\u003e: The attacker delivers the malicious pickle file to a target system. This could occur via various vectors, such as uploading to a vulnerable web application, attaching it to a phishing email, or injecting it into a compromised software supply chain.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTarget Application Processes Pickle File\u003c/strong\u003e: A vulnerable application on the target system receives and attempts to deserialize the seemingly benign (undetected by \u003ccode\u003epicklescan\u003c/code\u003e) malicious pickle file using Python's \u003ccode\u003epickle.load()\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeserialization and Code Execution\u003c/strong\u003e: During the deserialization process, the \u003ccode\u003e__reduce__\u003c/code\u003e method within the pickle object is invoked, and the embedded \u003ccode\u003eGrammar.loads\u003c/code\u003e executes the attacker's arbitrary code.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRemote Code Execution (RCE)\u003c/strong\u003e: The attacker's code runs with the privileges of the vulnerable application, leading to remote code execution on the target system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2025-71359 results in remote code execution (RCE) on the host system where the vulnerable \u003ccode\u003epicklescan\u003c/code\u003e library is used to validate and subsequently deserialize malicious pickle files. This level of access allows attackers to take complete control of the affected application and potentially the underlying server. Consequences can include unauthorized data access, modification, or deletion, installation of malware (e.g., ransomware, backdoors), lateral movement within the network, and complete system compromise. The severity of the impact depends on the privileges of the compromised application and the data it processes.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately update \u003ccode\u003epicklescan\u003c/code\u003e to version 0.0.29 or newer to remediate CVE-2025-71359.\u003c/li\u003e\n\u003cli\u003eImplement strict input validation and sanitization for all incoming pickle files, regardless of \u003ccode\u003epicklescan\u003c/code\u003e usage.\u003c/li\u003e\n\u003cli\u003eAdopt secure deserialization practices by never deserializing untrusted data. If deserialization is unavoidable, implement restricted unpickling environments, such as those that limit available classes and functions during \u003ccode\u003epickle.load()\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-04T02:23:45Z","date_published":"2026-07-04T02:23:45Z","id":"https://feed.craftedsignal.io/briefs/2026-07-cve-2025-71359-picklescan-rce/","summary":"Picklescan versions prior to 0.0.29 are vulnerable to remote code execution (CVE-2025-71359) due to a failure in detecting malicious Python pickle payloads that utilize `lib2to3.pgen2.grammar.Grammar.loads`, allowing attackers to craft files that evade detection and execute arbitrary code during deserialization.","title":"CVE-2025-71359: Picklescan Deserialization RCE Bypass","url":"https://feed.craftedsignal.io/briefs/2026-07-cve-2025-71359-picklescan-rce/"}],"language":"en","title":"CraftedSignal Threat Feed - Picklescan \u003c 0.0.29","version":"https://jsonfeed.org/version/1.1"}