Skip to content
Threat Feed

Product

Picklescan < 0.0.30

3 briefs RSS
high advisory

CVE-2025-71345: Picklescan Malicious Pickle File Detection Bypass Leading to RCE

CVE-2025-71345 describes a critical vulnerability in `picklescan` versions prior to 0.0.30, where attackers can embed undetected malicious code within pickle files that specifically invoke the `torch.utils.bottleneck.__main__.run_autograd_prof` function, leading to remote code execution upon deserialization by bypassing `picklescan`'s security checks.

picklescan < 0.0.30 remote-code-execution deserialization python machine-learning vulnerability
2t 1c
high advisory

CVE-2025-71343 — picklescan Detection Bypass via Malicious Pickle Files

A deserialization vulnerability, CVE-2025-71343, in picklescan before version 0.0.30 allows attackers to craft malicious pickle files that evade detection and lead to arbitrary code execution when loaded via `pickle.load()`.

picklescan < 0.0.30 deserialization remote-code-execution python vulnerability detection-bypass
2t 1c
high advisory

CVE-2025-71342: picklescan Remote Code Execution Vulnerability

A critical vulnerability (CVE-2025-71342) exists in picklescan versions prior to 0.0.30, where it fails to detect malicious code embedded in Python pickle files by leveraging `idlelib.run.Executive.runcode` in reduce methods, allowing attackers to conceal and execute arbitrary code during `pickle.load` operations, leading to remote code execution (RCE) and potential supply chain attacks, particularly impacting PyTorch models.

picklescan < 0.0.30 vulnerability rce supply-chain python pickle pytorch
1t 1c