
Description

picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode in __reduce__ methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when the file is loaded via pickle.load(), enabling supply chain attacks on PyTorch models and saved Python objects. This is fixed in version 0.0.30.
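
The following is an added example; it is not picklescan's code and not part of this record. It shows the two halves of what the description above says: an opcode-level scan that lists which globals a pickle will import, so the idlelib.pyshell.ModifiedInterpreter.runcode reference can be flagged without ever calling pickle.load(), beside an allowlist-based Unpickler that refuses any global not explicitly permitted and therefore also stops gadgets that no denylist has heard of. The denylist entries other than the advisory's gadget, the allowlist contents and the hand-assembled sample pickle are constructed for this example.

```python
"""Added example for the advisory above; not picklescan's own code.

Two views of the same pickle: which globals it asks the unpickler to import
(scan, denylist) and whether an allowlist unpickler would refuse it."""
import io
import pickle
import pickletools
from collections import OrderedDict

# Assumed denylist.  The advisory's gadget is the first entry; the remaining
# entries are illustrative and are not picklescan's actual list.
DANGEROUS_GLOBALS = {
    ("idlelib.pyshell", "ModifiedInterpreter.runcode"),
    ("builtins", "eval"),
    ("builtins", "exec"),
    ("os", "system"),
    ("subprocess", "Popen"),
}

_STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
               "STRING", "BINSTRING", "SHORT_BINSTRING"}


def referenced_globals(data: bytes) -> list[tuple[str, str]]:
    """Walk the opcode stream without executing it and return every
    (module, name) pair the unpickler would be asked to import.

    GLOBAL (protocols 0-3) carries both names inline.  STACK_GLOBAL
    (protocol 4+) takes them from the stack, so string constants and the
    memo slots they land in are tracked; that is how pickle.dumps() emits
    them."""
    found: list[tuple[str, str]] = []
    strings: list[str] = []        # string constants pushed so far
    memo: dict[int, str] = {}      # memo slot -> string, string slots only
    memo_next = 0                  # slot the next MEMOIZE opcode fills
    last_was_string = False
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":
            if len(strings) < 2:
                raise ValueError("STACK_GLOBAL without two string operands")
            name, module = strings.pop(), strings.pop()
            found.append((module, name))
        elif op.name in _STRING_OPS:
            strings.append(arg)
        elif op.name == "MEMOIZE":
            if last_was_string:
                memo[memo_next] = strings[-1]
            memo_next += 1
        elif op.name in ("PUT", "BINPUT", "LONG_BINPUT"):
            if last_was_string:
                memo[arg] = strings[-1]
        elif op.name in ("GET", "BINGET", "LONG_BINGET") and arg in memo:
            strings.append(memo[arg])      # memoized string re-pushed
            last_was_string = True
            continue
        last_was_string = op.name in _STRING_OPS
    return found


def scan(data: bytes) -> list[tuple[str, str]]:
    """Flag referenced globals that are on the denylist.  An empty result is
    only as strong as the denylist: a gadget missing from it passes."""
    return [g for g in referenced_globals(data) if g in DANGEROUS_GLOBALS]


class AllowlistUnpickler(pickle.Unpickler):
    """Structural mitigation: resolve only explicitly allowed globals, so an
    unknown gadget is refused before REDUCE can call it.  The allowlist is an
    assumption for this example."""
    ALLOWED = {("collections", "OrderedDict")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def safe_load(data: bytes):
    return AllowlistUnpickler(io.BytesIO(data)).load()


def is_refused(data: bytes) -> bool:
    """True if the allowlist unpickler rejects the stream (nothing imported)."""
    try:
        safe_load(data)
    except pickle.UnpicklingError:
        return True
    return False


def _short_binunicode(s: str) -> bytes:
    b = s.encode("utf-8")
    return b"\x8c" + bytes([len(b)]) + b   # SHORT_BINUNICODE <len> <utf-8>


def build_sample_pickle() -> bytes:
    """Constructed sample: the essential protocol-4 opcodes for an object whose
    __reduce__ returns idlelib.pyshell.ModifiedInterpreter.runcode, hand-assembled
    so this module never imports idlelib.  The argument tuple is left empty and
    the stream is only scanned here, never passed to pickle.load()."""
    return (b"\x80\x04"                                         # PROTO 4
            + _short_binunicode("idlelib.pyshell")              # module
            + _short_binunicode("ModifiedInterpreter.runcode")  # dotted attribute
            + b"\x93"                                           # STACK_GLOBAL
            + b")"                                              # EMPTY_TUPLE (args)
            + b"R"                                              # REDUCE: call it
            + b".")                                             # STOP


def benign_sample() -> bytes:
    """Constructed benign pickle that legitimately references a global."""
    return pickle.dumps(OrderedDict(a=1))


if __name__ == "__main__":
    print(scan(build_sample_pickle()), is_refused(build_sample_pickle()))
    print(scan(benign_sample()), safe_load(benign_sample()))
```

The scan answers "what would this file import?" and is the right shape for a picklescan-style tool, but the denylist lookup is where this CVE lived: the pair was simply absent. The allowlist unpickler needs no knowledge of the gadget at all, which is why it is the control to prefer when untrusted model files must be loaded.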

State: PUBLISHED | Reserved: 2026-06-20 | Published: 2026-06-25 | Updated: 2026-06-25 | Assigner: VulnCheck

Metrics

HIGH 7.6 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
HIGH 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Problem types

Deserialization of Untrusted Data

Product status

Default status: unaffected
Any version: affected
0.0.30 (semver): unaffected

Credits

FredericDT reporter

References

github.com/...lescan/security/advisories/GHSA-3gf5-cxq9-w223 (GitHub Security Advisory GHSA-3gf5-cxq9-w223; vendor advisory)

www.vulncheck.com/...lib-pyshell-modifiedinterpreter-runcode (VulnCheck Advisory: picklescan - Remote Code Execution via idlelib.pyshell.ModifiedInterpreter.runcode; third-party advisory)

cve.org (CVE-2025-71340)

nvd.nist.gov (CVE-2025-71340)