CVE-2025-71320 | picklescan before 0.0.33 contains an incomplete deny-list th… | CVSS 9.8 CRITICAL

Description

picklescan before 0.0.33 contains an incomplete deny-list that fails to block pydoc.locate and operator.methodcaller functions, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using these unblocked functions to achieve arbitrary code execution when the pickle is deserialized.

Metadata

CVE ID: CVE-2025-71320
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-06-08 20:44 UTC
Published: 2026-06-17 15:04 UTC
Last updated: 2026-06-17 17:54 UTC
Primary CWE: CWE-184
Incomplete List of Disallowed Inputs
Vendor / Product: picklescan / picklescan
Sources: cve.org · NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: PoC
Automatable: yes
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
picklescan	picklescan	—	0 < 0.0.33, 0.0.33

Weakness (CWE)

CWE	Source	Description
CWE-184	cna	Incomplete List of Disallowed Inputs

CVSS scores (2)

Score	Severity	Version	Source	Vector
9.8	CRITICAL	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3	CRITICAL	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References (2)

GHSA Advisory GHSA-84r2-jw7c-4r5q https://github.com/mmaitre314/picklescan/security/advisories/GHSA-84r2-jw7c-4r5q
VulnCheck Advisory: picklescan - Remote Code Execution via Incomplete Disallowed Inputs https://www.vulncheck.com/advisories/picklescan-remote-code-execution-via-incomplete-disallowed-inputs