Arbitrary Code Execution Vulnerability in Picklescan by Maitre314
CVE-2025-71343

7.6HIGH

Key Information:

Vendor

Picklescan

Vendor
CVE Published:
4 July 2026

What is CVE-2025-71343?

The vulnerability in Picklescan prior to version 0.0.30 allows attackers to exploit the mishandling of malicious pickle files. Specifically, the lib2to3.pgen2.pgen.ParserGenerator.make_label function in the reduce method is susceptible to being bypassed, enabling crafted pickle files to execute arbitrary commands. This occurs when the vulnerable version processes these files with pickle.load(), leading to potential system compromise without detection.

Affected Version(s)

picklescan 0 < 0.0.30

picklescan 0.0.30

References

CVSS V4

Score:
7.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

FredericDT
.