CVE-2025-71340 | picklescan through 0.0.26 fails to detect malicious pickle f… | CVSS 8.1 HIGH

Description

picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode in __reduce__ methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when the file is loaded via pickle.load(), enabling supply chain attacks on PyTorch models and saved Python objects. This is fixed in version 0.0.30.

Metadata

CVE ID: CVE-2025-71340
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-06-20 01:48 UTC
Published: 2026-06-25 21:41 UTC
Last updated: 2026-06-25 21:41 UTC
Primary CWE: CWE-502
Deserialization of Untrusted Data
Vendor / Product: picklescan / picklescan
Sources: cve.org · NVD

Severity & Metrics

8.1 HIGH CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Affected products (1)

Vendor	Product	Platform	Versions
picklescan	picklescan	—	0 ≤ 0.0.26, 0.0.30

Weakness (CWE)

CWE	Source	Description
CWE-502	cna	Deserialization of Untrusted Data

CVSS scores (2)

Score	Severity	Version	Source	Vector
8.1	HIGH	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
7.6	HIGH	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

References (2)

GitHub Security Advisory (GHSA-3gf5-cxq9-w223) https://github.com/mmaitre314/picklescan/security/advisories/GHSA-3gf5-cxq9-w223
VulnCheck Advisory: picklescan - Remote Code Execution via idlelib.pyshell.ModifiedInterpreter.runcode https://www.vulncheck.com/advisories/picklescan-remote-code-execution-via-idlelib-pyshell-modifiedinterpreter-runcode