CVE-2025-71325 | picklescan before 0.0.27 contains a parsing logic error in t… | CVSS 9.8 CRITICAL

Description

picklescan before 0.0.27 contains a parsing logic error in the _list_globals function when handling STACK_GLOBAL opcodes, failing to track arguments in the correct range and allowing malicious pickle files to bypass detection. Attackers can craft pickle files with arguments at position zero to trigger unexpected exceptions and evade security scanning.

Metadata

CVE ID: CVE-2025-71325
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-06-08 20:44 UTC
Published: 2026-06-17 15:05 UTC
Last updated: 2026-06-17 17:28 UTC
Primary CWE: CWE-391
Unchecked Error Condition
Vendor / Product: picklescan / picklescan
Sources: cve.org · NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: PoC
Automatable: yes
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
picklescan	picklescan	—	0 < 0.0.27, 0.0.27

Weakness (CWE)

CWE	Source	Description
CWE-391	cna	Unchecked Error Condition

CVSS scores (2)

Score	Severity	Version	Source	Vector
9.8	CRITICAL	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3	CRITICAL	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References (3)

GHSA Advisory GHSA-9gvj-pp9x-gcfr https://github.com/mmaitre314/picklescan/security/advisories/GHSA-9gvj-pp9x-gcfr
https://github.com/mmaitre314/picklescan/commit/2a8383cfeb4158567f9770d86597300c9e508d0f https://github.com/mmaitre314/picklescan/commit/2a8383cfeb4158567f9770d86597300c9e508d0f
VulnCheck Advisory: picklescan - Detection Bypass via STACK_GLOBAL Opcode Parsing Logic Flaw https://www.vulncheck.com/advisories/picklescan-detection-bypass-via-stack-global-opcode-parsing-logic-flaw