Back to overview

CVE-2025-71355

HIGH Exploitation: PoC
7.6
CVSS 4.0
Description
Picklescan before 0.0.25 fails to detect unsafe global functions in the Numpy library, allowing attackers to bypass static analysis and execute arbitrary code during deserialization. Attackers can craft malicious pickle files using numpy.testing._private.utils.runstring within the reduce method to import dangerous libraries like os and execute arbitrary OS commands when the pickle file is loaded.

Metadata

CVE ID
CVE-2025-71355
State
PUBLISHED
Assigner
VulnCheck
Reserved
2026-06-20 12:55 UTC
Published
2026-06-30 22:08 UTC
Last updated
2026-07-01 14:55 UTC
Primary CWE
CWE-184
Incomplete List of Disallowed Inputs
Vendor / Product
Picklescan / Picklescan
Sources
cve.org  ·  NVD

Severity & Metrics

7.6 HIGH CVSS 4.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
SSVC — CISA Coordinator
Exploitation
PoC
Automatable
yes
Tech. Impact
total
Affected products (1)
VendorProductPlatformVersions
Picklescan Picklescan 0 < 0.0.25, 0.0.25
Weakness (CWE)
CWESourceDescription
CWE-184 cna Incomplete List of Disallowed Inputs
CVSS scores (1)
ScoreSeverityVersionSourceVector
7.6 HIGH 4.0 cna CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
References (2)
Back to overview