Remote Code Execution Vulnerability in Picklescan by M. Maitre
CVE-2025-71353
7.6 HIGH
What is CVE-2025-71353?
Versions of Picklescan prior to 0.0.28 are susceptible to a vulnerability that allows attackers to create malicious pickle files. These files use the torch._dynamo.guards.GuardBuilder.get function within __reduce__ methods. When such a pickle file is processed, arbitrary commands can be executed, which poses a significant risk to systems that rely on this software.
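For defenders, a static check for the callable named above, as an added example that is not picklescan's code or part of the advisory: it reads pickle opcodes with the standard-library pickletools module, lists the globals a file would import, and never unpickles anything. The function names, the denylist structure and the sample byte strings are constructed for this illustration.

```python
import pickle
import pickletools

# (module, qualified name) of the callable named in the advisory.
DENYLIST = {("torch._dynamo.guards", "GuardBuilder.get")}

_STR_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}
_PUT_OPS = {"PUT", "BINPUT", "LONG_BINPUT"}
_GET_OPS = {"GET", "BINGET", "LONG_BINGET"}


def referenced_globals(data: bytes) -> set:
    """List every (module, name) import in a pickle by reading opcodes only."""
    found, strings, memo, top = set(), [], {}, None
    for op, arg, _pos in pickletools.genops(data):
        if op.name in _STR_OPS:
            top = arg
            strings.append(arg)
        elif op.name == "MEMOIZE":
            memo[len(memo)] = top          # top of stack, if it was a string
        elif op.name in _PUT_OPS:
            memo[arg] = top
        elif op.name in _GET_OPS:
            top = memo.get(arg)            # None when the entry is not a string
            strings.append(top)
        elif op.name in ("GLOBAL", "INST"):
            found.add(tuple(arg.split(" ", 1)))
            top = None
        elif op.name == "STACK_GLOBAL":    # module and name come from the stack
            pair = strings[-2:] if len(strings) >= 2 else [None, None]
            found.add(tuple(pair))
            top = None
        else:
            top = None
    return found


def is_blocked(data: bytes) -> bool:
    """Fail closed: block denylisted or unresolvable global references."""
    return any(ref in DENYLIST or None in ref for ref in referenced_globals(data))


def _stack_global(module: str, name: str) -> bytes:
    """Constructed sample: protocol 4 pickle that only names a global."""
    m, n = module.encode(), name.encode()
    return b"\x80\x04\x8c" + bytes([len(m)]) + m + b"\x8c" + bytes([len(n)]) + n + b"\x93."


SAMPLE_V4 = _stack_global("torch._dynamo.guards", "GuardBuilder.get")
SAMPLE_V0 = b"ctorch._dynamo.guards\nGuardBuilder.get\n."   # GLOBAL opcode form
SAMPLE_DATA = pickle.dumps({"weights": [1, 2, 3]}, protocol=4)
```

A denylist only catches names it already knows; for untrusted model files an allowlist of expected globals over the same `referenced_globals` output is the stricter policy.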
Affected Version(s)
picklescan 0 < 0.0.28
picklescan 0.0.28
