Remote Code Execution Vulnerability in Picklescan Product by Maitre314
CVE-2025-71323

9.3CRITICAL

Key Information:

Vendor: Picklescan
Status: Picklescan
Vendor: CVE Published:; 17 June 2026

What is CVE-2025-71323?

The Picklescan tool, prior to version 0.0.33, is susceptible to a security vulnerability that permits remote code execution due to improper management of the ctypes module. Utilizing this flaw, an attacker can create malicious pickle files capable of invoking functions from the kernel32.dll through ctypes.WinDLL, which grants the ability to execute arbitrary commands. This exploitation circumvents established sandbox protections and mitigations designed to detect gadget chains, highlighting a significant risk for users. Users are advised to upgrade to the latest version to safeguard against this vulnerability.

Affected Version(s)

picklescan 0 < 0.0.33

picklescan 0.0.33

References

https://github.com/mmaitre314/picklescan/security/advisor...

vendor-advisory

https://www.vulncheck.com/advisories/picklescan-remote-co...

third-party-advisory

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2026
Vulnerability Reserved
Jun 8, 2026

Credit

0x-Apollyon

CVE-2025-71323 Data

JSON