CVE-2025-71376

picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetch completions in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims.