Remote Code Execution Risk in Picklescan by MMAITRE314
CVE-2025-71373

7.6HIGH

Key Information:

Vendor

Picklescan

Vendor
CVE Published:
4 July 2026

What is CVE-2025-71373?

Picklescan versions prior to 0.0.33 are susceptible to a vulnerability that permits remote attackers to exploit the operator.methodcaller function within pickle files. This defect allows malicious actors to craft specially designed pickle payloads, which can evade detection during security checks. When these payloads are processed, they can execute arbitrary code on affected systems that rely on Picklescan for validation, potentially leading to unauthorized access and system compromise.

Affected Version(s)

picklescan 0 < 0.0.33

picklescan 0.0.33

References

CVSS V4

Score:
7.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

CoolwindHF
.