{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/picklescan/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.1,"id":"CVE-2025-71375"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["picklescan (before 0.0.34)"],"_cs_severities":["high"],"_cs_tags":["vulnerability","rce","deserialization","python","picklescan"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA critical vulnerability, tracked as CVE-2025-71375, has been identified in the \u003ccode\u003epicklescan\u003c/code\u003e Python library, affecting all versions before 0.0.34. This flaw allows malicious actors to bypass security checks designed to detect harmful code within Python pickle files. Specifically, \u003ccode\u003epicklescan\u003c/code\u003e fails to recognize the \u003ccode\u003e_operator.methodcaller\u003c/code\u003e built-in function as a potential threat vector. Attackers can leverage this oversight to embed arbitrary code within a pickle payload. When such a specially crafted payload is subsequently loaded by an application using Python's standard \u003ccode\u003epickle.load()\u003c/code\u003e function, the embedded malicious code will execute, leading to potential system compromise. This vulnerability is significant for organizations that process or share Python pickle files and rely on \u003ccode\u003epicklescan\u003c/code\u003e for their security posture.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker crafts a malicious Python pickle payload, meticulously designed to leverage the \u003ccode\u003e_operator.methodcaller\u003c/code\u003e built-in function to embed arbitrary code.\u003c/li\u003e\n\u003cli\u003eThe malicious pickle payload is delivered to a target system, potentially as part of an uploaded file, a network stream, or a malicious data artifact exchanged between services.\u003c/li\u003e\n\u003cli\u003eA system or application utilizing the \u003ccode\u003epicklescan\u003c/code\u003e library (version prior to 0.0.34) attempts to scan the received pickle file for malicious content to ensure its safety before processing.\u003c/li\u003e\n\u003cli\u003eDue to the vulnerability (CVE-2025-71375), \u003ccode\u003epicklescan\u003c/code\u003e fails to identify the \u003ccode\u003e_operator.methodcaller\u003c/code\u003e based malicious code within the pickle payload, allowing it to be marked as \u0026quot;safe\u0026quot; or undetected.\u003c/li\u003e\n\u003cli\u003eThe legitimate application or service then proceeds to load the unsanitized (and still malicious) pickle file into memory using Python's \u003ccode\u003epickle.load()\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eUpon deserialization, the \u003ccode\u003e_operator.methodcaller\u003c/code\u003e embedded in the pickle payload triggers the execution of the attacker's arbitrary code within the context and privileges of the vulnerable application.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves arbitrary code execution, which can lead to data exfiltration, system compromise, establishment of persistence, or further network pivoting within the victim's environment.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful exploitation of CVE-2025-71375 grants attackers arbitrary code execution capabilities on the affected system. This can lead to severe consequences, including full system compromise, sensitive data exfiltration, denial of service, or the deployment of further malware such as ransomware. While no specific victim count or targeted sectors are mentioned, any organization or developer using \u003ccode\u003epicklescan\u003c/code\u003e before version 0.0.34 to sanitize Python pickle files is at risk. The CVSS v3.1 base score of 8.1 (High) underscores the critical nature of this vulnerability, highlighting that it can be exploited remotely without authentication, requiring only user interaction (e.g., loading the malicious pickle).\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2025-71375 immediately by upgrading the \u003ccode\u003epicklescan\u003c/code\u003e library to version 0.0.34 or higher in all development, staging, and production environments.\u003c/li\u003e\n\u003cli\u003eImplement strong input validation and deserialization policies, assuming any untrusted pickle file, even those scanned by vulnerable versions of \u003ccode\u003epicklescan\u003c/code\u003e, may contain malicious code.\u003c/li\u003e\n\u003cli\u003eReview existing codebases for instances of \u003ccode\u003epickle.load()\u003c/code\u003e being used on data from untrusted sources, even if processed by \u003ccode\u003epicklescan\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-04T02:30:22Z","date_published":"2026-07-04T02:30:22Z","id":"https://feed.craftedsignal.io/briefs/2026-07-picklescan-cve-2025-71375/","summary":"A vulnerability in `picklescan` versions prior to 0.0.34 (CVE-2025-71375) allows attackers to craft malicious Python pickle payloads using the `_operator.methodcaller` built-in function, which evades detection by the `picklescan` library and enables arbitrary code execution when the payload is loaded by an application using `pickle.load()`.","title":"CVE-2025-71375: Picklescan Arbitrary Code Execution via _operator.methodcaller Evasion","url":"https://feed.craftedsignal.io/briefs/2026-07-picklescan-cve-2025-71375/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.1,"id":"CVE-2025-71373"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["picklescan \u003c 0.0.33"],"_cs_severities":["high"],"_cs_tags":["vulnerability","rce","picklescan","python","deserialization"],"_cs_type":"advisory","_cs_vendors":["picklescan"],"content_html":"\u003cp\u003eCVE-2025-71373 details a critical vulnerability affecting \u003ccode\u003epicklescan\u003c/code\u003e versions before 0.0.33, a tool designed to validate the safety of Python pickle files. This flaw allows remote attackers to circumvent the security mechanisms by embedding \u003ccode\u003eoperator.methodcaller\u003c/code\u003e function calls within crafted pickle files. \u003ccode\u003epicklescan\u003c/code\u003e fails to detect these specific calls, mistakenly deeming the malicious files as safe. Consequently, any system that processes these specially crafted pickle files and relies on the vulnerable \u003ccode\u003epicklescan\u003c/code\u003e for validation will execute the embedded arbitrary code upon loading the file, leading to full system compromise. This vulnerability carries a CVSS v3.1 base score of 8.1 (High), highlighting its severe impact and ease of exploitation.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious Python pickle file containing arbitrary code embedded within \u003ccode\u003eoperator.methodcaller\u003c/code\u003e function calls.\u003c/li\u003e\n\u003cli\u003eThe attacker delivers this malicious pickle file to a target system, potentially via email, file upload functionality, or as part of a data exchange.\u003c/li\u003e\n\u003cli\u003eThe target system, which is configured to process Python pickle files, receives the malicious payload.\u003c/li\u003e\n\u003cli\u003eThe system invokes \u003ccode\u003epicklescan\u003c/code\u003e (version prior to 0.0.33) to validate the safety and integrity of the incoming pickle file.\u003c/li\u003e\n\u003cli\u003eDuring validation, \u003ccode\u003epicklescan\u003c/code\u003e fails to correctly identify and flag the \u003ccode\u003eoperator.methodcaller\u003c/code\u003e function calls as malicious, allowing the bypass of its security checks.\u003c/li\u003e\n\u003cli\u003eThe target application, erroneously assuming the pickle file is safe based on \u003ccode\u003epicklescan\u003c/code\u003e's flawed validation, proceeds to load the file into memory.\u003c/li\u003e\n\u003cli\u003eUpon loading, the arbitrary code embedded within the \u003ccode\u003eoperator.methodcaller\u003c/code\u003e context is executed on the target system.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves arbitrary code execution, leading to system compromise, which can involve data exfiltration, further persistence, or other malicious actions.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2025-71373 grants remote attackers arbitrary code execution capabilities on affected systems. Organizations utilizing \u003ccode\u003epicklescan\u003c/code\u003e for validating pickle files, particularly in data processing pipelines or applications handling untrusted serialized Python objects, are at risk. This could lead to complete compromise of the affected servers or workstations, potentially resulting in data breaches, installation of malware, or disruption of critical services. The CVSS score of 8.1 reflects the high severity, indicating that an unauthenticated attacker can achieve high confidentiality and integrity impact with low attack complexity.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately update \u003ccode\u003epicklescan\u003c/code\u003e to version 0.0.33 or later to patch CVE-2025-71373.\u003c/li\u003e\n\u003cli\u003eEnsure all applications handling Python pickle files validate their source and integrity rigorously, even when using security scanners.\u003c/li\u003e\n\u003cli\u003eImplement robust input validation and sanitization for all external inputs, especially those that might involve deserialization of data, to prevent malicious pickle files from being processed.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-04T02:29:27Z","date_published":"2026-07-04T02:29:27Z","id":"https://feed.craftedsignal.io/briefs/2026-07-cve-2025-71373-picklescan-bypass/","summary":"Remote attackers can bypass security checks in `picklescan` versions prior to 0.0.33 by crafting malicious pickle payloads utilizing `operator.methodcaller` function calls, which upon loading by systems relying on `picklescan` for validation, results in arbitrary code execution and system compromise.","title":"CVE-2025-71373: Picklescan Bypass via `operator.methodcaller` Leads to Arbitrary Code Execution","url":"https://feed.craftedsignal.io/briefs/2026-07-cve-2025-71373-picklescan-bypass/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.1,"id":"CVE-2025-71366"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["picklescan \u003c 0.0.28"],"_cs_severities":["high"],"_cs_tags":["cve","vulnerability","deserialization","python","picklescan"],"_cs_type":"advisory","_cs_vendors":["picklescan"],"content_html":"\u003cp\u003eA significant deserialization vulnerability, tracked as CVE-2025-71366, has been identified in \u003ccode\u003epicklescan\u003c/code\u003e versions predating 0.0.28. This flaw allows malicious actors to craft Python pickle files that include specific \u003ccode\u003etorch.utils.bottleneck.__main__.run_cprofile\u003c/code\u003e function calls. Critically, the \u003ccode\u003epicklescan\u003c/code\u003e library, designed to detect and prevent malicious code execution from untrusted pickle files, fails to properly identify these embedded calls. This bypass of security checks enables remote attackers to inject and execute arbitrary code. When a victim's system loads such a specially crafted and undetected malicious pickle file, the embedded code executes with the privileges of the application processing the file, leading to potential system compromise and data loss. This vulnerability is highly impactful due to the widespread use of pickle files in Python ecosystems for data serialization and the security trust placed in \u003ccode\u003epicklescan\u003c/code\u003e.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious Python pickle file containing a serialized object that leverages \u003ccode\u003etorch.utils.bottleneck.__main__.run_cprofile\u003c/code\u003e to embed arbitrary code.\u003c/li\u003e\n\u003cli\u003eThe attacker ensures the payload is specifically designed to bypass the detection mechanisms implemented in \u003ccode\u003epicklescan\u003c/code\u003e versions older than 0.0.28.\u003c/li\u003e\n\u003cli\u003eThe attacker delivers the crafted malicious pickle file to a target system, potentially through untrusted data ingestion, shared repositories, or direct download.\u003c/li\u003e\n\u003cli\u003eA user or an automated process on the victim's system initiates the loading of the malicious pickle file using a Python application that integrates with the vulnerable \u003ccode\u003epicklescan\u003c/code\u003e library.\u003c/li\u003e\n\u003cli\u003eDuring the scanning process, the vulnerable \u003ccode\u003epicklescan\u003c/code\u003e library (version \u0026lt; 0.0.28) fails to detect the malicious \u003ccode\u003etorch.utils.bottleneck.__main__.run_cprofile\u003c/code\u003e call due to the inherent deserialization vulnerability.\u003c/li\u003e\n\u003cli\u003eUpon deserialization of the undetected malicious pickle file, the embedded arbitrary code is executed on the victim's system, achieving remote code execution.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2025-71366 results in arbitrary code execution on the victim's system, allowing attackers to take full control of the compromised machine. This can lead to unauthorized data access, modification, or exfiltration; installation of malware such as ransomware or backdoors; and further lateral movement within the network. While specific victim counts or targeted sectors are not provided in the source, any organization or individual processing untrusted pickle files with vulnerable versions of \u003ccode\u003epicklescan\u003c/code\u003e could be at risk, especially those in data science, machine learning, or research environments.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePatch CVE-2025-71366 immediately\u003c/strong\u003e by upgrading \u003ccode\u003epicklescan\u003c/code\u003e to version 0.0.28 or later to address the deserialization vulnerability.\u003c/li\u003e\n\u003cli\u003eImplement strict validation and sandboxing for all incoming pickle files, especially those from untrusted sources, even after patching, as a defense-in-depth measure against similar deserialization flaws.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-04T02:26:41Z","date_published":"2026-07-04T02:26:41Z","id":"https://feed.craftedsignal.io/briefs/2026-07-cve-2025-71366-picklescan-deserialization/","summary":"A critical deserialization vulnerability (CVE-2025-71366) exists in picklescan versions prior to 0.0.28, allowing remote attackers to bypass safety checks by embedding malicious `torch.utils.bottleneck.__main__.run_cprofile` function calls in pickle files, leading to arbitrary code execution when victims load the crafted files.","title":"CVE-2025-71366: Picklescan Deserialization Vulnerability Leads to RCE","url":"https://feed.craftedsignal.io/briefs/2026-07-cve-2025-71366-picklescan-deserialization/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.1,"id":"CVE-2025-71362"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["picklescan (\u003c 0.0.33)"],"_cs_severities":["high"],"_cs_tags":["cve","deserialization","python","arbitrary-code-execution","vulnerability","picklescan"],"_cs_type":"advisory","_cs_vendors":["picklescan"],"content_html":"\u003cp\u003eA critical vulnerability, CVE-2025-71362, has been identified in \u003ccode\u003epicklescan\u003c/code\u003e versions prior to 0.0.33. This issue stems from \u003ccode\u003epicklescan\u003c/code\u003e's failure to adequately detect unsafe deserialization patterns within \u003ccode\u003enumpy.f2py.crackfortran\u003c/code\u003e functions. Specifically, when these functions process data, they may call \u003ccode\u003eeval\u003c/code\u003e on arbitrary strings derived from pickle files, creating an arbitrary code execution vector. Attackers can craft malicious pickle files containing embedded code. If these untrusted files are subsequently loaded and processed by a vulnerable \u003ccode\u003epicklescan\u003c/code\u003e instance, the embedded malicious code will execute, granting the attacker control over the compromised system. This vulnerability poses a significant risk to applications and environments that handle or process pickle files from external or untrusted sources.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eVulnerability Identification\u003c/strong\u003e: An attacker identifies a target system or application that uses \u003ccode\u003epicklescan\u003c/code\u003e (version \u0026lt; 0.0.33) to process Python pickle files.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMalicious Pickle File Creation\u003c/strong\u003e: The attacker crafts a specially designed pickle file that contains malicious Python code. This code is structured to exploit the unsafe deserialization flaw in \u003ccode\u003enumpy.f2py.crackfortran\u003c/code\u003e functions, ensuring that when the file is loaded, the \u003ccode\u003eeval\u003c/code\u003e function is called with the attacker's payload.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDelivery\u003c/strong\u003e: The attacker delivers the malicious pickle file to the victim. This could be via email (as an attachment), through a compromised web application, or by placing it in a location where the victim's application is expected to load files (e.g., a shared drive, an untrusted repository).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser/Application Interaction\u003c/strong\u003e: The victim's application or user, believing the pickle file to be legitimate or benign, initiates the loading process of the untrusted pickle file using the vulnerable \u003ccode\u003epicklescan\u003c/code\u003e library.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eVulnerable Deserialization\u003c/strong\u003e: During the deserialization process, the \u003ccode\u003epicklescan\u003c/code\u003e library invokes \u003ccode\u003enumpy.f2py.crackfortran\u003c/code\u003e functions. Due to the CVE-2025-71362 vulnerability, these functions call \u003ccode\u003eeval\u003c/code\u003e on the arbitrary malicious strings embedded within the pickle file.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eArbitrary Code Execution\u003c/strong\u003e: The \u003ccode\u003eeval\u003c/code\u003e call executes the attacker's embedded malicious code within the context of the vulnerable application, leading to arbitrary code execution on the host system.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eImpact on System\u003c/strong\u003e: With arbitrary code execution, the attacker can achieve various objectives, such as data exfiltration, installation of malware, establishment of persistence, or full system compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful exploitation of CVE-2025-71362 allows for arbitrary code execution on the system running the vulnerable \u003ccode\u003epicklescan\u003c/code\u003e instance. This means an attacker could gain full control over the affected system, potentially leading to complete data compromise, installation of ransomware, deployment of backdoors, or lateral movement within the network. While specific victim counts or targeted sectors are not detailed in the NVD advisory, any organization or developer using affected versions of \u003ccode\u003epicklescan\u003c/code\u003e to process untrusted Python pickle files is at risk. The consequences range from data breach and operational disruption to severe reputational damage.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePatch CVE-2025-71362\u003c/strong\u003e: Immediately upgrade \u003ccode\u003epicklescan\u003c/code\u003e to version 0.0.33 or later to mitigate CVE-2025-71362.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eImplement Input Validation\u003c/strong\u003e: Ensure that all pickle files processed by applications are from trusted sources and implement strict validation before deserialization.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eIsolate Processing\u003c/strong\u003e: If processing untrusted pickle files is unavoidable, perform the deserialization in a highly isolated environment (e.g., a secure sandbox or virtual machine) to contain potential arbitrary code execution.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-04T02:25:03Z","date_published":"2026-07-04T02:25:03Z","id":"https://feed.craftedsignal.io/briefs/2026-07-cve-2025-71362-picklescan/","summary":"picklescan versions prior to 0.0.33 are vulnerable to unsafe deserialization via CVE-2025-71362, allowing attackers to embed malicious code in pickle files that executes due to `numpy.f2py.crackfortran` calling `eval` on arbitrary strings when loaded from untrusted sources, leading to arbitrary code execution.","title":"CVE-2025-71362 — picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py.crackfortran functio...","url":"https://feed.craftedsignal.io/briefs/2026-07-cve-2025-71362-picklescan/"}],"language":"en","title":"CraftedSignal Threat Feed - Picklescan","version":"https://jsonfeed.org/version/1.1"}