Remote Code Execution Vulnerability in Picklescan Product by Maitre314
CVE-2025-71347
7.6 HIGH
What is CVE-2025-71347?
Picklescan versions prior to 0.0.33 fail to adequately detect malicious pickle files, exposing applications that rely on the scanner to severe security risk. The bypass uses the numpy.f2py.crackfortran.param_eval function: an attacker can embed harmful code in a pickle file through this callable, and that code runs when an application deserializes the untrusted data. The flaw underscores the need for closer scrutiny of pickle file handling to prevent arbitrary code execution.
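As an added defensive illustration, not picklescan's own code, the following scans a pickle's opcode stream with pickletools.genops and flags references to the callable named above without ever unpickling the data; the denylist and the sample pickles are constructed for this example.

```python
import pickle
import pickletools

# Constructed denylist for this example, not picklescan's own list: the callable
# named in CVE-2025-71347 plus a few classic code-execution entry points.
UNSAFE_GLOBALS = {
    ("numpy.f2py.crackfortran", "param_eval"),
    ("builtins", "eval"),
    ("builtins", "exec"),
    ("os", "system"),
}

STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
              "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}

def referenced_globals(data: bytes):
    """Yield (module, name) for every GLOBAL / STACK_GLOBAL opcode in the stream.
    pickletools.genops only disassembles; nothing is imported or executed."""
    strings = []  # recent string constants, used to resolve STACK_GLOBAL operands
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":            # protocol <= 3: "module name" in one arg
            module, name = arg.split(" ", 1)
            yield module, name
        elif op.name == "STACK_GLOBAL":    # protocol 4+: module and name pushed first
            # Simplification: assumes the two strings were pushed just before;
            # a production scanner must also follow memo PUT/GET references.
            yield strings[-2], strings[-1]
        elif op.name in STRING_OPS:
            strings.append(arg)

def scan_pickle(data: bytes) -> dict:
    """Scan a pickle without unpickling it. Returns the denylisted references
    found and a parse error, if any; a scanner should fail closed on errors."""
    found = []
    try:
        for ref in referenced_globals(data):
            if ref in UNSAFE_GLOBALS:
                found.append(ref)
    except (ValueError, IndexError) as exc:
        return {"unsafe": found, "parse_error": str(exc)}
    return {"unsafe": found, "parse_error": None}

# Constructed samples. BENIGN is a plain data pickle; the other two contain only a
# bare reference to the CVE's callable (no call), enough to exercise the scanner.
BENIGN = pickle.dumps({"weights": [1.0, 2.0]}, protocol=4)
REF_PROTO2 = b"\x80\x02cnumpy.f2py.crackfortran\nparam_eval\n."
REF_PROTO4 = b"\x80\x04\x8c\x17numpy.f2py.crackfortran\x8c\nparam_eval\x93."

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN), ("proto2", REF_PROTO2), ("proto4", REF_PROTO4)]:
        print(label, scan_pickle(blob))
```

Note that pickle.loads on any of the flagged samples would import the referenced module, which is exactly why a scanner must work on the opcode stream rather than by loading the file.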
Affected Version(s)
picklescan 0 < 0.0.33
picklescan 0.0.33
