CVE-2025-71348 | picklescan before 0.0.28 fails to detect malicious pickle fi… | CVSS 8.1 HIGH

Description

picklescan before 0.0.28 fails to detect malicious pickle files that invoke torch.utils._config_module.load_config function within reduce methods. Attackers can craft pickle files embedding arbitrary code that evades detection but executes during pickle.load, enabling remote code execution in supply chain attacks.

Metadata

CVE ID: CVE-2025-71348
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-06-20 12:48 UTC
Published: 2026-06-21 13:26 UTC
Last updated: 2026-06-21 13:26 UTC
Primary CWE: CWE-502
Deserialization of Untrusted Data
Vendor / Product: picklescan / picklescan
Sources: cve.org · NVD

Severity & Metrics

8.1 HIGH CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Affected products (1)

Vendor	Product	Platform	Versions
picklescan	picklescan	—	0 < 0.0.28, 0.0.28

Weakness (CWE)

CWE	Source	Description
CWE-502	cna	Deserialization of Untrusted Data

CVSS scores (2)

Score	Severity	Version	Source	Vector
8.1	HIGH	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
7.6	HIGH	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

References (2)

GHSA Advisory GHSA-vv6j-3g6g-2pvj https://github.com/mmaitre314/picklescan/security/advisories/GHSA-vv6j-3g6g-2pvj
VulnCheck Advisory: picklescan - Arbitrary Code Execution via torch.utils._config_module.load_config Bypass https://www.vulncheck.com/advisories/picklescan-arbitrary-code-execution-via-torch-utils-config-module-load-config-bypass