Arbitrary Code Execution Vulnerability in Picklescan by Picklescan Team
CVE-2025-71339

7.6 HIGH

Key Information:

Vendor: Picklescan

CVE Published: 22 June 2026

What is CVE-2025-71339?

Picklescan releases before 0.0.33 do not flag the numpy.f2py.crackfortran._eval_length gadget when it appears as the callable in a pickle reduce, so a pickle that invokes it is reported as safe. Picklescan is a static scanner and never executes the file; the risk is that a user who trusts a clean scan result goes on to unpickle the file (for example by loading a downloaded model), at which point the reduce call runs and arbitrary Python code executes in that user's process. Version 0.0.33 adds detection for this gadget.
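As an added example (not Picklescan's code and not part of the advisory), the script below shows why a scanner's clean verdict cannot be the only control. It assembles, by hand and without ever loading it, a pickle whose reduce references numpy.f2py.crackfortran._eval_length, then walks the opcodes with pickletools to list every global the file would import. A scanner that only checks a denylist of catalogued gadgets (a constructed list here, not Picklescan's) passes the file because this name is missing from the list, while an allowlist of the imports the application actually expects (also constructed) flags it. The reduce argument is a harmless placeholder string, and numpy is not required because the bytes are only inspected.

```python
"""Static look at a pickle that references the gadget named in the advisory.

Added example, not Picklescan's code. The pickle bytes are assembled by hand
and never passed to pickle.loads, so numpy is not needed and nothing executes.
"""
import collections
import pickle
import pickletools

GADGET_MODULE = "numpy.f2py.crackfortran"
GADGET_NAME = "_eval_length"

# Constructed lists for the illustration; neither is Picklescan's real list.
KNOWN_GADGETS = {("os", "system"), ("builtins", "eval"), ("subprocess", "Popen")}
EXPECTED_IMPORTS = {("collections", "OrderedDict"), ("torch._utils", "_rebuild_tensor_v2")}


def build_reduce_pickle(module: str, name: str, arg: str) -> bytes:
    """Protocol-4 pickle whose REDUCE would call module.name(arg, {}) on load.

    `arg` is a placeholder string; it is never evaluated because the bytes
    are only inspected, never unpickled.
    """
    encoded = arg.encode("utf-8")
    assert len(encoded) < 256, "SHORT_BINUNICODE carries a one-byte length"
    return b"".join([
        pickle.PROTO + b"\x04",
        pickle.GLOBAL + f"{module}\n{name}\n".encode("ascii"),   # push callable
        pickle.SHORT_BINUNICODE + bytes([len(encoded)]) + encoded,  # first argument
        pickle.EMPTY_DICT,  # second argument, the `params` dict
        pickle.TUPLE2,      # (arg, {})
        pickle.REDUCE,      # callable(*args)
        pickle.STOP,
    ])


def referenced_globals(data: bytes) -> list[tuple[str, str]]:
    """Every (module, name) the pickle imports, via GLOBAL or STACK_GLOBAL.

    STACK_GLOBAL takes module and name from the two most recently pushed
    strings. This tracker does not resolve memo references (BINGET etc.),
    which a production scanner would have to simulate.
    """
    found: list[tuple[str, str]] = []
    recent_strings: list[str] = []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":
            if len(recent_strings) < 2:
                raise ValueError("STACK_GLOBAL without two preceding strings")
            found.append((recent_strings[-2], recent_strings[-1]))
        elif isinstance(arg, str):
            recent_strings.append(arg)
    return found


def denylist_verdict(data: bytes) -> str:
    """Flag only catalogued gadgets: a name not yet on the list slips through."""
    hits = [g for g in referenced_globals(data) if g in KNOWN_GADGETS]
    return "dangerous" if hits else "clean"


def allowlist_verdict(data: bytes) -> str:
    """Flag every import the application does not expect, catalogued or not."""
    unknown = [g for g in referenced_globals(data) if g not in EXPECTED_IMPORTS]
    return "suspicious" if unknown else "clean"


def benign_sample() -> bytes:
    """A pickle the allowlist should accept; uses STACK_GLOBAL like real files."""
    return pickle.dumps(collections.OrderedDict(), protocol=4)


if __name__ == "__main__":
    payload = build_reduce_pickle(GADGET_MODULE, GADGET_NAME, "placeholder")
    print("imports:", referenced_globals(payload))
    print("denylist:", denylist_verdict(payload))        # clean: gadget not catalogued
    print("allowlist:", allowlist_verdict(payload))      # suspicious
    print("benign file:", allowlist_verdict(benign_sample()))  # clean
```

Running the script prints both verdicts for the same bytes; to compare against an installed Picklescan release, write the payload to a file and scan it with the picklescan command line (picklescan -p <file>), expecting a clean result before 0.0.33 and a detection from 0.0.33 on. Whatever a scanner reports, a file from an untrusted source should not be unpickled at all; the allowlist approach above is the more defensible scanner design precisely because a bypass of this kind is a new name the denylist has not seen yet.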

Affected Version(s)

Picklescan, all versions from 0 up to but not including 0.0.33 (fixed in 0.0.33)

CVSS v4

Score: 7.6
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: Physical
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability reserved

  • Vulnerability published

Credit

ac0d3r
Lyutoon