CVE-2025-71321

picklescan before 0.0.33 contains an arbitrary file writing vulnerability that allows attackers to bypass the dangerous blocklist by using distutils.file util.write file. Attackers can construct malicious pickle objects to overwrite critical system files and achieve denial of service or remote code execution.