Code Execution Vulnerability in PickleScan Software by Maitre
CVE-2025-71322

8.7 HIGH

Key Information:

Vendor

Picklescan

CVE Published:
17 June 2026

What is CVE-2025-71322?

A security vulnerability in PickleScan prior to version 0.0.33 allows attackers to bypass security measures through the improper handling of unsafe globals. Specifically, the pty.spawn function was not included in the unsafe globals list, enabling malicious actors to craft specially formatted pickle payloads. When these payloads are processed by PickleScan, they can lead to arbitrary code execution, posing a significant risk to systems utilizing this software. Users are advised to upgrade to the latest version to mitigate this risk.
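The bypass described above comes down to a denylist check over the module and attribute references carried in a pickle stream: a scanner that does not list `pty` will not flag a reference to `pty.spawn`. The following added example is not PickleScan's own code; the denylists and the sample pickles are constructed for illustration. It disassembles a pickle with the standard-library `pickletools.genops` without ever unpickling it, collects every `GLOBAL` / `STACK_GLOBAL` reference, and compares the result against a denylist. With `pty` absent the reference passes unflagged, which is the gap the advisory describes; adding the module closes it.

```python
import pickle
import pickletools

# Denylist keyed by module: "*" blocks every attribute, a set blocks named ones.
# Constructed illustration of a pre-fix list: note that "pty" is not present.
UNSAFE_GLOBALS_OLD = {
    "os": "*",
    "subprocess": "*",
    "builtins": {"eval", "exec", "compile", "open", "__import__"},
}
# Constructed illustration of a fixed list: the pty module is now covered.
UNSAFE_GLOBALS_FIXED = {**UNSAFE_GLOBALS_OLD, "pty": "*"}

# Constructed sample streams. Both only *reference* pty.spawn; nothing is called.
# Protocol 0: GLOBAL opcode ('c') with "module\nname\n", then STOP ('.').
PTY_REF_PROTO0 = b"cpty\nspawn\n."
# Protocol 4: PROTO 4, SHORT_BINUNICODE "pty", SHORT_BINUNICODE "spawn",
# STACK_GLOBAL (0x93), STOP.
PTY_REF_PROTO4 = b"\x80\x04\x8c\x03pty\x8c\x05spawn\x93."
# A harmless model-like object serialised normally; it references no globals.
BENIGN = pickle.dumps({"weights": [0.1, 0.2], "epochs": 3})

STRING_OPCODES = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}


def referenced_globals(data: bytes):
    """Return (module, name) pairs referenced by GLOBAL / STACK_GLOBAL opcodes.

    pickletools.genops only disassembles the stream, so no code in the
    pickle is imported or executed while scanning.
    """
    refs = []
    strings = []  # recent string pushes; STACK_GLOBAL consumes the last two
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            # genops renders the two newline-terminated fields as "module name"
            module, name = arg.split(" ", 1)
            refs.append((module, name))
        elif op.name == "STACK_GLOBAL":
            if len(strings) < 2:
                raise ValueError("malformed STACK_GLOBAL: fewer than two strings pushed")
            refs.append((strings[-2], strings[-1]))
        elif op.name in STRING_OPCODES:
            strings.append(arg)
    return refs


def flagged(data: bytes, unsafe_globals) -> list:
    """Return the dotted names in `data` that the given denylist rejects."""
    hits = []
    for module, name in referenced_globals(data):
        rule = unsafe_globals.get(module)
        if rule == "*" or (rule is not None and name in rule):
            hits.append(f"{module}.{name}")
    return hits


if __name__ == "__main__":
    for label, stream in [("proto0", PTY_REF_PROTO0), ("proto4", PTY_REF_PROTO4), ("benign", BENIGN)]:
        print(label, "old list:", flagged(stream, UNSAFE_GLOBALS_OLD),
              "fixed list:", flagged(stream, UNSAFE_GLOBALS_FIXED))
```

The `strings` bookkeeping is deliberately minimal (it does not model the pickle memo); it is enough to show why the denylist entry matters, and a production scanner would track the full virtual-machine state rather than the last two string pushes.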

Affected Version(s)

PickleScan 0 < 0.0.33

PickleScan 0.0.33


CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

yarienkiva