Vulnerability Description
picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode in __reduce__ methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when the file is loaded via pickle.load(), enabling supply chain attacks on PyTorch models and saved Python objects. This is fixed in version 0.0.30.
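picklescan decides by matching the globals a pickle imports against a list of known-dangerous names, so a callable missing from that list passes. As an added example (not picklescan's code and not taken from the advisory), the sketch below inverts the check: it reads the opcodes with pickletools, never loads the file, and reports every referenced global that is not on an allow-list. ALLOWED_GLOBALS, the helper names and the two sample byte strings are assumptions constructed for illustration.

```python
import pickletools

# Assumption for this example: the only globals a trusted artifact may reference.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}

_STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}
_MEMO_OPS = {"MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"}


def referenced_globals(data: bytes) -> set:
    """Collect (module, name) pairs the pickle would import, without loading it."""
    found, strings = set(), []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name == "GLOBAL":            # protocols 0-3: arg is "module name"
            found.add(tuple(arg.split(" ", 1)))
        elif opcode.name in _STRING_OPS:
            strings.append(arg)
        elif opcode.name == "STACK_GLOBAL":    # protocol 4+: operands are on the stack
            # Fail closed when the operands are not two literal strings.
            found.add(tuple(strings[-2:]) if len(strings) >= 2 else ("?", "?"))
            strings = []
        elif opcode.name not in _MEMO_OPS:
            strings = []
    return found


def unexpected_globals(data: bytes) -> list:
    """Return every referenced global that is not on the allow-list."""
    return sorted(referenced_globals(data) - ALLOWED_GLOBALS)


def _short_str(s: bytes) -> bytes:
    return b"\x8c" + bytes([len(s)]) + s       # SHORT_BINUNICODE + length + text


# Constructed, inert samples: they only name the global from the description
# (no REDUCE opcode, no arguments) and are never passed to pickle.load().
SAMPLE_PROTO0 = b"cidlelib.pyshell\nModifiedInterpreter.runcode\n."
SAMPLE_PROTO4 = (b"\x80\x04" + _short_str(b"idlelib.pyshell")
                 + _short_str(b"ModifiedInterpreter.runcode") + b"\x93.")

if __name__ == "__main__":
    for sample in (SAMPLE_PROTO0, SAMPLE_PROTO4):
        print(unexpected_globals(sample))
```

An allow-list check of this kind complements upgrading to the fixed picklescan release; it does not replace it.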
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://github.com/mmaitre314/picklescan/security/advisories/GHSA-3gf5-cxq9-w223
- https://www.vulncheck.com/advisories/picklescan-remote-code-execution-via-idleli
FAQ
What is CVE-2025-71340?
CVE-2025-71340 is a vulnerability with a CVSS score of 8.1 (HIGH). picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode in __reduce__ methods. Attackers can embed undetected code in pickle files that...
How severe is CVE-2025-71340?
CVE-2025-71340 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-71340?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.