← voltar
CVE-2025-71365

picklescan - Arbitrary Code Execution via numpy.f2py.crackfortran.myeval Detection Bypass

CVSS 7.6 HIGHEPSS 0.3%CWE-502
picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py.crackfortran.myeval function through the reduce method. Attackers can craft malicious pickle files embedding arbitrary code that evades picklescan detection and executes remote code when loaded.
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Produtos afetados
picklescan · picklescan

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/mmaitre314/picklescan/security/advisories/GHSA-3329-ghmp-jmv5https://www.vulncheck.com/advisories/picklescan-arbitrary-code-execution-via-numpy-f2py-crackfortran-myeval-detection-bypass