CVE-2025-71357

picklescan - Arbitrary Code Execution via Undetected idlelib.pyshell.ModifiedInterpreter.runcommand

CVSS 7.6 HIGHEPSS 0.2%CWE-502

picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims.

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Productos afectados

picklescan · picklescan

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/mmaitre314/picklescan/security/advisories/GHSA-j343-8v2j-ff7w https://www.vulncheck.com/advisories/picklescan-arbitrary-code-execution-via-undetected-idlelib-pyshell-modifiedinterpreter-runcommand