Product
CVE-2025-71373: Picklescan Bypass via `operator.methodcaller` Leads to Arbitrary Code Execution
1 TTP 1 CVERemote attackers can bypass security checks in `picklescan` versions prior to 0.0.33 by crafting malicious pickle payloads utilizing `operator.methodcaller` function calls, which upon loading by systems relying on `picklescan` for validation, results in arbitrary code execution and system compromise.
CVE-2025-71372: Picklescan Deserialization Vulnerability (Numpy Gadget)
2 TTPs 1 CVE 2 IOCsCVE-2025-71372 describes a critical vulnerability in Picklescan versions prior to 0.0.33, where the tool fails to detect a specific numpy gadget in pickle `__reduce__` methods, allowing attackers to craft malicious pickle files that execute arbitrary Python code when loaded, bypassing safety checks and enabling supply-chain poisoning of shared model files.
CVE-2025-71347: Picklescan Bypass Leads to Arbitrary Code Execution via Malicious Pickle Files
2 TTPs 1 CVE 2 IOCsA critical vulnerability (CVE-2025-71347) exists in picklescan prior to version 0.0.33, allowing remote attackers to bypass security checks by failing to detect malicious pickle files leveraging the numpy.f2py.crackfortran.param_eval function, leading to arbitrary code execution upon deserialization of untrusted data.