CVE-2025-71357

picklescan - Arbitrary Code Execution via Undetected idlelib.pyshell.ModifiedInterpreter.runcommand

CVSS 7.6 HIGHEPSS 0.2%CWE-502

picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims.

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected products

picklescan · picklescan

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/mmaitre314/picklescan/security/advisories/GHSA-j343-8v2j-ff7w https://www.vulncheck.com/advisories/picklescan-arbitrary-code-execution-via-undetected-idlelib-pyshell-modifiedinterpreter-runcommand