Remote Code Execution Vulnerability in Picklescan Product by Maitre314
CVE-2025-71347

7.6 HIGH

Key Information:

Vendor: Picklescan
CVE Published: 4 July 2026

What is CVE-2025-71347?

Picklescan prior to version 0.0.33 fails to flag pickle files that reference the numpy.f2py.crackfortran.param_eval function, so an application relying on it to screen untrusted pickles is exposed to a serious risk: an attacker can embed harmful code in such a file and have it executed when the untrusted data is deserialized. This flaw underscores the need for closer scrutiny of pickle file handling to prevent arbitrary code execution.

Affected Version(s)

  • picklescan 0 < 0.0.33

  • picklescan 0.0.33

CVSS V4

Score: 7.6
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

CoolwindHF