Remote Code Execution Vulnerability in Picklescan by MMAITRE314
CVE-2025-71367
CVSS score: 7.6 (HIGH)
What is CVE-2025-71367?
Prior to version 0.0.34, Picklescan does not detect references to the _operator.attrgetter function in pickle payloads. attrgetter resolves an arbitrary attribute name at unpickling time, so a crafted pickle that imports only _operator.attrgetter can reach attributes of other objects without naming them in the stream, which lets it pass Picklescan's existing checks. If such a file is then processed with pickle.load(), arbitrary code can run on the loading system, which is a serious risk for any pipeline that relies on Picklescan to vet pickle-based files (for example, machine-learning model weights) before loading them.
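The following is an added example, written for this page and not taken from the advisory or from Picklescan's own code. It shows why attrgetter must be treated as dangerous and how a scanner can catch it: two constructed, benign pickle payloads (one using the protocol-0 GLOBAL opcode, one using the protocol-4 STACK_GLOBAL opcode) import nothing but _operator.attrgetter, yet use it to look up and call a method on an object the unpickler builds. The blocklists below are toy sets chosen for illustration, not Picklescan's lists, and the STACK_GLOBAL handling is a simplification noted in the code.

```python
import pickle
import pickletools

# Constructed, benign payloads (not from the advisory or picklescan). Each one
# imports _operator.attrgetter, builds attrgetter("upper"), applies it to the
# string "abc" to obtain the bound method "abc".upper, and then calls that
# method with no arguments, so pickle.loads() returns "ABC". The same three
# REDUCE steps would work for any attribute of any object the unpickler can
# produce; the only module name the stream ever mentions is _operator.
#
# Protocol 0: GLOBAL (c) names module and qualname on two lines.
PAYLOAD_PROTO0 = b"c_operator\nattrgetter\n(Vupper\ntR(Vabc\ntR)R."
# Protocol 4: STACK_GLOBAL (\x93) takes module and qualname from the two
# strings pushed just before it.
PAYLOAD_PROTO4 = (
    b"\x80\x04"                      # PROTO 4
    b"\x8c\t_operator"               # SHORT_BINUNICODE "_operator" (9 bytes)
    b"\x8c\nattrgetter"              # SHORT_BINUNICODE "attrgetter" (10 bytes)
    b"\x93"                          # STACK_GLOBAL -> _operator.attrgetter
    b"\x8c\x05upper\x85R"            # TUPLE1 + REDUCE -> attrgetter("upper")
    b"\x8c\x03abc\x85R"              # TUPLE1 + REDUCE -> "abc".upper
    b")R"                            # EMPTY_TUPLE + REDUCE -> "ABC"
    b"."                             # STOP
)

# A toy blocklist of the kind a scanner keyed on well-known dangerous globals
# would use. attrgetter is absent, which is the gap the advisory describes.
NAIVE_BLOCKLIST = {
    ("os", "system"),
    ("subprocess", "Popen"),
    ("builtins", "eval"),
    ("builtins", "exec"),
}

# attrgetter resolves an arbitrary (possibly dotted) attribute path on whatever
# object the unpickler hands it, so it is an attribute-access primitive and
# belongs on the list. "operator" and "_operator" expose the same C type.
HARDENED_BLOCKLIST = NAIVE_BLOCKLIST | {
    ("_operator", "attrgetter"),
    ("operator", "attrgetter"),
}

# Opcodes that push a str onto the unpickler stack.
_STRING_OPCODES = {
    "STRING", "BINSTRING", "SHORT_BINSTRING",
    "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8",
}


def extract_globals(data):
    """Return the (module, name) pairs the stream will import, in order.

    Handles both GLOBAL (module and name inline) and STACK_GLOBAL (module and
    name taken from the two most recently pushed strings). The STACK_GLOBAL
    handling is a simplification: it assumes the two strings are the last two
    string pushes, which holds for streams produced by pickle and for these
    payloads, but a full scanner would model the stack exactly.
    """
    found = []
    pushed_strings = []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name == "GLOBAL":
            module, name = arg.split(" ", 1)  # genops joins the two lines with a space
            found.append((module, name))
        elif opcode.name == "STACK_GLOBAL":
            if len(pushed_strings) < 2:
                raise ValueError("STACK_GLOBAL without two preceding strings")
            found.append((pushed_strings[-2], pushed_strings[-1]))
        elif opcode.name in _STRING_OPCODES:
            pushed_strings.append(arg)
    return found


def scan(data, blocklist):
    """Return the globals in the stream that appear in blocklist."""
    return [g for g in extract_globals(data) if g in blocklist]


def load_payload(data):
    """Unpickle a payload. Only safe here because both payloads are benign;
    never do this to untrusted input before scanning it."""
    return pickle.loads(data)


if __name__ == "__main__":
    for label, payload in (("proto0", PAYLOAD_PROTO0), ("proto4", PAYLOAD_PROTO4)):
        print(label, "globals:", extract_globals(payload))
        print(label, "naive scan:", scan(payload, NAIVE_BLOCKLIST))
        print(label, "hardened scan:", scan(payload, HARDENED_BLOCKLIST))
        print(label, "pickle.loads ->", load_payload(payload))
```

Against the naive blocklist both payloads scan clean, because the only import in either stream is _operator.attrgetter; against the hardened list both are flagged. The practical takeaway is that a scanner has to flag generic attribute-resolution helpers, not just the callables they can reach, and has to recognise them whether they arrive via GLOBAL or STACK_GLOBAL.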
Affected Version(s)
picklescan >= 0, < 0.0.34 (every release before 0.0.34; per the description above, 0.0.34 is the first version with the fix)
