Remote Code Execution Vulnerability in picklescan by its Vendor
CVE-2025-71359
7.6 HIGH
What is CVE-2025-71359?
picklescan versions prior to 0.0.29 fail to detect malicious pickle payloads that invoke lib2to3.pgen2.grammar.Grammar.loads from an object's __reduce__ method. Because the scanner does not flag this call, an attacker can craft a pickle file that picklescan passes as safe but whose embedded code executes when the file is deserialized with pickle.load(), turning unsafe deserialization into remote code execution. Organizations using affected versions are urged to update to protect their applications against such attacks.
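As an added illustration (not picklescan's own code), the following Python scanner walks a pickle's opcodes with pickletools and flags imports from lib2to3.pgen2.grammar, the gadget module named above, without ever unpickling the file; the sample pickles and the small blocklist baseline are constructed for this example and are assumptions, not picklescan's real rule set.

```python
import io
import pickle
import pickletools

# Imports a hardened scanner should flag, as (module, top-level attribute).
# The lib2to3 entry is the gadget this advisory describes; the rest are an
# illustrative baseline (assumption: not picklescan's actual blocklist).
FLAGGED_GLOBALS = {
    ("lib2to3.pgen2.grammar", "Grammar"),
    ("builtins", "eval"),
    ("builtins", "exec"),
    ("os", "system"),
    ("subprocess", "Popen"),
}

_STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
               "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def extract_globals(data: bytes) -> list[tuple[str, str]]:
    """List every (module, name) the pickle would import, by walking its
    opcodes with pickletools. Nothing is unpickled, so no gadget can run."""
    found, strings = [], []
    for opcode, arg, _pos in pickletools.genops(io.BytesIO(data)):
        if opcode.name in ("GLOBAL", "INST"):      # protocol 0-3: "module name"
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif opcode.name == "STACK_GLOBAL":       # protocol 4+: operands are
            if len(strings) >= 2:                 # the two preceding strings
                found.append((strings[-2], strings[-1]))
        elif opcode.name in _STRING_OPS:
            strings.append(arg)
    return found


def scan_pickle(data: bytes) -> list[tuple[str, str]]:
    """Return the flagged imports in `data`. Protocol 4+ allows dotted names
    such as "Grammar.loads", so match on the attribute's first component."""
    return [(m, n) for m, n in extract_globals(data)
            if (m, n.split(".")[0]) in FLAGGED_GLOBALS]


# Constructed samples: they only *reference* the gadget (no arguments, no
# REDUCE opcode), enough to exercise the detector without executing anything.
LIB2TO3_PROTO0 = b"clib2to3.pgen2.grammar\nGrammar\n."
LIB2TO3_PROTO4 = b"\x80\x04\x8c\x15lib2to3.pgen2.grammar\x8c\x0dGrammar.loads\x93."
BENIGN = pickle.dumps({"weights": [0.1, 0.2]}, protocol=4)

if __name__ == "__main__":
    for label, blob in [("proto0", LIB2TO3_PROTO0),
                        ("proto4", LIB2TO3_PROTO4), ("benign", BENIGN)]:
        print(label, scan_pickle(blob))
```

A scanner that only special-cases known modules will always lag new gadgets; treating any unexpected import as a finding, rather than a blocklist miss as safe, is the more robust policy.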
Affected Version(s)
picklescan >= 0, < 0.0.29
picklescan 0.0.29
