Home

Description

picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims.

PUBLISHED Reserved 2026-06-20 | Published 2026-06-21 | Updated 2026-06-22 | Assigner VulnCheck




HIGH: 7.6CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
HIGH: 8.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Problem types

Deserialization of Untrusted Data

Product status

Default status
unaffected

Any version before 0.0.30
affected

0.0.30 (semver)
unaffected

Credits

FredericDT reporter

References

github.com/...lescan/security/advisories/GHSA-j343-8v2j-ff7w exploit

github.com/...lescan/security/advisories/GHSA-j343-8v2j-ff7w (GHSA Advisory GHSA-j343-8v2j-ff7w) vendor-advisory

www.vulncheck.com/...-pyshell-modifiedinterpreter-runcommand (VulnCheck Advisory: picklescan - Arbitrary Code Execution via Undetected idlelib.pyshell.ModifiedInterpreter.runcommand) third-party-advisory

cve.org (CVE-2025-71357)

nvd.nist.gov (CVE-2025-71357)

Download JSON