<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Picklescan (Before 0.0.34) - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/picklescan-before-0.0.34/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Sat, 04 Jul 2026 02:30:22 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/picklescan-before-0.0.34/feed.xml" rel="self" type="application/rss+xml"/><item><title>CVE-2025-71375: Picklescan Arbitrary Code Execution via _operator.methodcaller Evasion</title><link>https://feed.craftedsignal.io/briefs/2026-07-picklescan-cve-2025-71375/</link><pubDate>Sat, 04 Jul 2026 02:30:22 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-picklescan-cve-2025-71375/</guid><description>A vulnerability in `picklescan` versions prior to 0.0.34 (CVE-2025-71375) allows attackers to craft malicious Python pickle payloads using the `_operator.methodcaller` built-in function, which evades detection by the `picklescan` library and enables arbitrary code execution when the payload is loaded by an application using `pickle.load()`.</description><content:encoded><![CDATA[<p>A critical vulnerability, tracked as CVE-2025-71375, has been identified in the <code>picklescan</code> Python library, affecting all versions before 0.0.34. This flaw allows malicious actors to bypass security checks designed to detect harmful code within Python pickle files. Specifically, <code>picklescan</code> fails to recognize the <code>_operator.methodcaller</code> built-in function as a potential threat vector. Attackers can leverage this oversight to embed arbitrary code within a pickle payload. When such a specially crafted payload is subsequently loaded by an application using Python's standard <code>pickle.load()</code> function, the embedded malicious code will execute, leading to potential system compromise. This vulnerability is significant for organizations that process or share Python pickle files and rely on <code>picklescan</code> for their security posture.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>Attacker crafts a malicious Python pickle payload, meticulously designed to leverage the <code>_operator.methodcaller</code> built-in function to embed arbitrary code.</li>
<li>The malicious pickle payload is delivered to a target system, potentially as part of an uploaded file, a network stream, or a malicious data artifact exchanged between services.</li>
<li>A system or application utilizing the <code>picklescan</code> library (version prior to 0.0.34) attempts to scan the received pickle file for malicious content to ensure its safety before processing.</li>
<li>Due to the vulnerability (CVE-2025-71375), <code>picklescan</code> fails to identify the <code>_operator.methodcaller</code> based malicious code within the pickle payload, allowing it to be marked as &quot;safe&quot; or undetected.</li>
<li>The legitimate application or service then proceeds to load the unsanitized (and still malicious) pickle file into memory using Python's <code>pickle.load()</code> function.</li>
<li>Upon deserialization, the <code>_operator.methodcaller</code> embedded in the pickle payload triggers the execution of the attacker's arbitrary code within the context and privileges of the vulnerable application.</li>
<li>The attacker achieves arbitrary code execution, which can lead to data exfiltration, system compromise, establishment of persistence, or further network pivoting within the victim's environment.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>The successful exploitation of CVE-2025-71375 grants attackers arbitrary code execution capabilities on the affected system. This can lead to severe consequences, including full system compromise, sensitive data exfiltration, denial of service, or the deployment of further malware such as ransomware. While no specific victim count or targeted sectors are mentioned, any organization or developer using <code>picklescan</code> before version 0.0.34 to sanitize Python pickle files is at risk. The CVSS v3.1 base score of 8.1 (High) underscores the critical nature of this vulnerability, highlighting that it can be exploited remotely without authentication, requiring only user interaction (e.g., loading the malicious pickle).</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Patch CVE-2025-71375 immediately by upgrading the <code>picklescan</code> library to version 0.0.34 or higher in all development, staging, and production environments.</li>
<li>Implement strong input validation and deserialization policies, assuming any untrusted pickle file, even those scanned by vulnerable versions of <code>picklescan</code>, may contain malicious code.</li>
<li>Review existing codebases for instances of <code>pickle.load()</code> being used on data from untrusted sources, even if processed by <code>picklescan</code>.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>vulnerability</category><category>rce</category><category>deserialization</category><category>python</category><category>picklescan</category></item></channel></rss>