Home

Description

picklescan before 0.0.28 fails to detect malicious pickle files that invoke torch.utils._config_module.load_config function within reduce methods. Attackers can craft pickle files embedding arbitrary code that evades detection but executes during pickle.load, enabling remote code execution in supply chain attacks.

PUBLISHED Reserved 2026-06-20 | Published 2026-06-21 | Updated 2026-06-22 | Assigner VulnCheck




HIGH: 7.6CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
HIGH: 8.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Problem types

Deserialization of Untrusted Data

Product status

Default status
unaffected

Any version before 0.0.28
affected

0.0.28 (semver)
unaffected

Credits

FredericDT reporter

References

github.com/...lescan/security/advisories/GHSA-vv6j-3g6g-2pvj exploit

github.com/...lescan/security/advisories/GHSA-vv6j-3g6g-2pvj (GHSA Advisory GHSA-vv6j-3g6g-2pvj) vendor-advisory

www.vulncheck.com/...-utils-config-module-load-config-bypass (VulnCheck Advisory: picklescan - Arbitrary Code Execution via torch.utils._config_module.load_config Bypass) third-party-advisory

cve.org (CVE-2025-71348)

nvd.nist.gov (CVE-2025-71348)

Download JSON