<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Picklescan &lt; 0.0.34 - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/picklescan--0.0.34/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Sat, 04 Jul 2026 02:27:18 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/picklescan--0.0.34/feed.xml" rel="self" type="application/rss+xml"/><item><title>CVE-2025-71367: Picklescan Bypass Leading to Arbitrary Code Execution</title><link>https://feed.craftedsignal.io/briefs/2026-07-cve-2025-71367-picklescan/</link><pubDate>Sat, 04 Jul 2026 02:27:18 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-cve-2025-71367-picklescan/</guid><description>Picklescan versions prior to 0.0.34 contain a deserialization vulnerability (CVE-2025-71367) that allows remote attackers to bypass security checks by crafting malicious pickle files using `_operator.attrgetter` in reduce methods, leading to arbitrary code execution when `pickle.load()` processes the file.</description><content:encoded><![CDATA[<p>A critical vulnerability, CVE-2025-71367, has been identified in <code>picklescan</code> versions prior to 0.0.34. This security flaw stems from <code>picklescan</code>'s inability to properly detect the use of <code>_operator.attrgetter</code> function calls when they are embedded within <code>pickle</code> payloads' <code>reduce</code> methods. This oversight allows remote attackers to effectively bypass <code>picklescan</code>'s intended security checks, designed to prevent malicious deserialization. By crafting a specially designed <code>pickle</code> file that leverages this bypass, an attacker can achieve arbitrary code execution on systems that deserialize these files using <code>pickle.load()</code> while relying on the vulnerable <code>picklescan</code> version for security. This vulnerability exposes affected applications to severe compromise, including full system control and data exfiltration.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>Attacker crafts a malicious Python <code>pickle</code> file containing carefully constructed bytecode.</li>
<li>The malicious <code>pickle</code> payload specifically utilizes the <code>_operator.attrgetter</code> function within <code>reduce</code> methods to invoke arbitrary code.</li>
<li>This specific structure is designed to evade the security detection mechanisms implemented in <code>picklescan</code> versions before 0.0.34.</li>
<li>The attacker delivers this crafted <code>pickle</code> file to a victim system, potentially via email attachments, compromised package repositories, or malicious downloads.</li>
<li>A vulnerable application on the victim system attempts to deserialize the malicious <code>pickle</code> file using Python's <code>pickle.load()</code> function.</li>
<li>During the deserialization process, the integrated <code>picklescan</code> library (version &lt; 0.0.34) fails to identify the embedded, malicious <code>_operator.attrgetter</code> calls as a threat.</li>
<li>Due to <code>picklescan</code>'s detection bypass, the deserialization process proceeds unchecked, leading to the execution of the arbitrary code defined within the malicious <code>pickle</code> payload.</li>
<li>The attacker successfully achieves arbitrary code execution on the victim system, potentially leading to system compromise, data theft, or further lateral movement.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of CVE-2025-71367 can lead to severe consequences for organizations utilizing <code>picklescan</code> versions before 0.0.34. Since the vulnerability allows for arbitrary code execution, attackers can gain full control over the compromised system, leading to unauthorized data access, modification, or destruction. This could result in significant data breaches, operational disruption, and reputational damage. While specific victim counts are not available, any system processing untrusted <code>pickle</code> files with vulnerable <code>picklescan</code> versions is at risk, particularly those in data science, machine learning, or software development pipelines where <code>pickle</code> is frequently used for object serialization.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Immediately update <code>picklescan</code> to version 0.0.34 or higher to remediate CVE-2025-71367.</li>
<li>Ensure all applications and services that handle <code>pickle</code> files are using the patched <code>picklescan</code> library.</li>
<li>Implement secure deserialization practices, avoiding <code>pickle.load()</code> of untrusted data even with security scanning, as illustrated by CVE-2025-71367.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>deserialization</category><category>vulnerability</category><category>python</category><category>pickle</category><category>rce</category></item></channel></rss>