Arbitrary Code Execution Vulnerability in Picklescan by Maitre314
CVE-2025-71343
7.6 HIGH
What is CVE-2025-71343?
Picklescan prior to version 0.0.30 mishandles malicious pickle files. Specifically, a pickle file that uses the lib2to3.pgen2.pgen.ParserGenerator.make_label function in its reduce method bypasses the scanner, so crafted pickle files can execute arbitrary commands. This occurs when files that passed the vulnerable version are processed with pickle.load(), leading to potential system compromise without detection.
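A defence-in-depth check for the global named above, as an added example (not code from Picklescan or from this advisory): it lists the globals a pickle references by walking its opcodes with pickletools.genops, without unpickling anything, and fails closed on the lib2to3 reference. The DENIED set, the function names and the sample byte strings are constructed for illustration; the samples only reference the global and are never loaded.

```python
import pickle
import pickletools

# Global named in the advisory; a real denylist would hold many more entries.
DENIED = {("lib2to3.pgen2.pgen", "ParserGenerator.make_label")}
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}
UNRESOLVED = ("<unresolved>", "<unresolved>")


def referenced_globals(data: bytes):
    """Return the (module, name) pairs a pickle imports, without unpickling it."""
    found, strings = [], []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in STRING_OPS:
            strings.append(arg)  # candidate operands for a later STACK_GLOBAL
        elif opcode.name in ("GLOBAL", "INST"):
            module, _, name = arg.partition(" ")  # genops joins them with a space
            found.append((module, name))
        elif opcode.name == "STACK_GLOBAL":
            # Protocol 4+: module and name are the two strings pushed just before.
            # Strings fetched from the memo are not tracked, so report those as
            # unresolved instead of guessing.
            pair = tuple(strings[-2:]) if len(strings) >= 2 else UNRESOLVED
            found.append(pair)
    return found


def is_denied(data: bytes) -> bool:
    """True if the pickle references a denied global or one that cannot be resolved."""
    return any(g in DENIED or g == UNRESOLVED for g in referenced_globals(data))


def _short(text: str) -> bytes:
    """Encode a SHORT_BINUNICODE opcode (0x8c, one length byte, UTF-8 bytes)."""
    raw = text.encode()
    return b"\x8c" + bytes([len(raw)]) + raw


# Constructed samples: they reference the global but carry no call or arguments.
SAMPLE_P0 = b"clib2to3.pgen2.pgen\nParserGenerator.make_label\n."
SAMPLE_P4 = (b"\x80\x04" + _short("lib2to3.pgen2.pgen")
             + _short("ParserGenerator.make_label") + b"\x93.")
BENIGN = pickle.dumps({"epoch": 3, "loss": 0.25})

if __name__ == "__main__":
    for label, blob in [("p0", SAMPLE_P0), ("p4", SAMPLE_P4), ("benign", BENIGN)]:
        print(label, referenced_globals(blob), "DENY" if is_denied(blob) else "ok")
```

A denylist like this one is exactly what the advisory shows being bypassed by an unlisted global, so for untrusted files an allowlist of expected globals is the stronger policy.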
Affected Version(s)
picklescan 0 < 0.0.30
picklescan 0.0.30
