CVE-2025-71323 | picklescan before 0.0.33 fails to block the ctypes module, a… | CVSS 9.8 CRITICAL

Description

picklescan before 0.0.33 fails to block the ctypes module, allowing attackers to achieve remote code execution by invoking direct syscalls and accessing raw memory. Attackers can craft malicious pickle files using ctypes.WinDLL to load kernel32.dll and execute arbitrary commands, bypassing sandbox protections and gadget chain detection.

Metadata

CVE ID: CVE-2025-71323
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-06-08 20:44 UTC
Published: 2026-06-17 15:05 UTC
Last updated: 2026-06-17 17:49 UTC
Primary CWE: CWE-184
Incomplete List of Disallowed Inputs
Vendor / Product: picklescan / picklescan
Sources: cve.org · NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: PoC
Automatable: yes
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
picklescan	picklescan	—	0 < 0.0.33, 0.0.33

Weakness (CWE)

CWE	Source	Description
CWE-184	cna	Incomplete List of Disallowed Inputs

CVSS scores (2)

Score	Severity	Version	Source	Vector
9.8	CRITICAL	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3	CRITICAL	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References (2)

GHSA Advisory GHSA-4675-36f9-wf6r https://github.com/mmaitre314/picklescan/security/advisories/GHSA-4675-36f9-wf6r
VulnCheck Advisory: picklescan - Remote Code Execution via Unblocked ctypes Module https://www.vulncheck.com/advisories/picklescan-remote-code-execution-via-unblocked-ctypes-module