Arbitrary Code Execution in Picklescan by Mmaitre314
CVE-2025-71356
7.6HIGH
What is CVE-2025-71356?
Picklescan versions before 0.0.28 are susceptible to an arbitrary code execution vulnerability that occurs due to the inability of the software to detect malicious calls to torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression within pickle files. This vulnerability enables attackers to craft malicious pickle files containing undetected code, which is executed remotely when victims load these compromised files.
Affected Version(s)
picklescan 0 < 0.0.28
picklescan 0.0.28
