Remote Code Execution Vulnerability in Picklescan by Maitre
CVE-2025-71360
7.6 HIGH
What is CVE-2025-71360?
A vulnerability in Picklescan versions prior to 0.0.29 allows attackers to embed malicious code within pickle files that the scanner does not detect. The scanner fails to flag a pickle whose reduction method calls the idlelib.calltip.get_entity function, so such a file passes the scan. When a victim loads a compromised pickle file, it can execute arbitrary commands on the victim's machine, posing a significant security risk. Users are advised to upgrade to the latest version to mitigate this threat.
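The scanner missed this file because the callable it invokes was not among the ones its checks covered. A defensive pattern that does not depend on knowing every dangerous callable is allowlisting: statically list every global a pickle would import and refuse anything not explicitly permitted, and load only through an Unpickler that applies the same allowlist. The following is an added example (not picklescan's code); the allowlist contents and the two fixtures are constructed, and the suspect fixture only references the function from the advisory through a GLOBAL opcode, it never calls it.

```python
"""Allowlist-based pickle inspection and loading (added example, not picklescan's code)."""
import io
import pickle
import pickletools
from collections import OrderedDict

# Constructed allowlist: the only module.name imports a pickle is allowed to resolve.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE", "BINUNICODE",
              "SHORT_BINUNICODE", "BINUNICODE8"}

def referenced_globals(data: bytes) -> set[tuple[str, str]]:
    """Statically list every (module, name) the pickle would import, without loading it."""
    found, recent_strings = set(), []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":  # protocols 0-3: arg is "module name"
            module, name = arg.split(" ", 1)
            found.add((module, name))
        elif op.name in STRING_OPS:
            recent_strings.append(arg)
        elif op.name == "STACK_GLOBAL" and len(recent_strings) >= 2:
            # Protocol 4+: module and name are the two most recent string constants.
            # Simplification: a crafted stream could also supply them via memo gets.
            found.add((recent_strings[-2], recent_strings[-1]))
    return found

def disallowed_globals(data: bytes) -> set[tuple[str, str]]:
    """Imports not on the allowlist; an empty set means the file is clean by this check."""
    return referenced_globals(data) - ALLOWED_GLOBALS

class AllowlistUnpickler(pickle.Unpickler):
    """Refuse to resolve any global that is not explicitly allowlisted (no denylist to bypass)."""
    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(f"global {module}.{name} is not allowlisted")
        return super().find_class(module, name)

def load_allowlisted(data: bytes):
    """Load the pickle, raising pickle.UnpicklingError on any non-allowlisted global."""
    return AllowlistUnpickler(io.BytesIO(data)).load()

def is_rejected(data: bytes) -> bool:
    try:
        load_allowlisted(data)
        return False
    except pickle.UnpicklingError:
        return True

# Constructed fixtures: a benign pickle, and a protocol-0 stream that merely references
# (never calls) the function named in the advisory via a GLOBAL opcode.
BENIGN_PICKLE = pickle.dumps(OrderedDict(a=1))
SUSPECT_PICKLE = b"cidlelib.calltip\nget_entity\n."
```

Run disallowed_globals over a file before it is loaded anywhere, and treat a non-empty result as a finding regardless of which callable it names.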
Affected Version(s)
picklescan >= 0, < 0.0.29
picklescan 0.0.29
