Product
CVE-2025-71345: Picklescan Malicious Pickle File Detection Bypass Leading to RCE
2 TTPs 1 CVECVE-2025-71345 describes a critical vulnerability in `picklescan` versions prior to 0.0.30, where attackers can embed undetected malicious code within pickle files that specifically invoke the `torch.utils.bottleneck.__main__.run_autograd_prof` function, leading to remote code execution upon deserialization by bypassing `picklescan`'s security checks.
CVE-2025-71343 — picklescan Detection Bypass via Malicious Pickle Files
2 TTPs 1 CVEA deserialization vulnerability, CVE-2025-71343, in picklescan before version 0.0.30 allows attackers to craft malicious pickle files that evade detection and lead to arbitrary code execution when loaded via `pickle.load()`.
CVE-2025-71342: picklescan Remote Code Execution Vulnerability
1 TTP 1 CVEA critical vulnerability (CVE-2025-71342) exists in picklescan versions prior to 0.0.30, where it fails to detect malicious code embedded in Python pickle files by leveraging `idlelib.run.Executive.runcode` in reduce methods, allowing attackers to conceal and execute arbitrary code during `pickle.load` operations, leading to remote code execution (RCE) and potential supply chain attacks, particularly impacting PyTorch models.