PT-2026-50452 · Picklescan · Picklescan
0X-Apollyon · Published 2026-06-17 · Updated 2026-06-17
CVE-2025-71321
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
picklescan before 0.0.33 contains an arbitrary file write vulnerability that allows attackers to bypass the blocklist of dangerous globals by using distutils.file_util.write_file. Attackers can construct malicious pickle objects to overwrite critical system files and achieve denial of service or remote code execution.
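The following added example (not picklescan's code) shows why a blocklist check passes a pickle that references distutils.file_util.write_file while an allowlist check flags it. The BLOCKLIST and ALLOWLIST contents, the function names and the two sample byte strings are constructed for illustration.

```python
import pickletools

# Hypothetical lists for illustration only; not picklescan's real blocklist.
BLOCKLIST = {("os", "system"), ("builtins", "eval"), ("subprocess", "Popen")}
ALLOWLIST = {("collections", "OrderedDict")}

# Constructed samples: each only references the global and stops. There is no
# REDUCE opcode, so nothing would be called even if they were unpickled.
SAMPLE_V0 = b"cdistutils.file_util\nwrite_file\n."
SAMPLE_V4 = b"\x80\x04\x8c\x13distutils.file_util\x8c\nwrite_file\x93."


def referenced_globals(data):
    """List (module, name) pairs a pickle imports, without unpickling it."""
    found, strings = [], []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in ("GLOBAL", "INST"):
            # pickletools reports these as "module name" in one string.
            found.append(tuple(arg.split(" ", 1)))
        elif opcode.name == "STACK_GLOBAL":
            # Module and name were pushed as the two preceding strings.
            # Best effort: memo lookups (BINGET etc.) are not tracked here.
            pair = tuple(strings[-2:]) if len(strings) >= 2 else ("?", "?")
            found.append(pair)
        elif isinstance(arg, str):
            strings.append(arg)
    return found


def blocklist_hits(data):
    """Blocklist model: flag only globals that someone thought to list."""
    return [g for g in referenced_globals(data) if g in BLOCKLIST]


def not_allowlisted(data):
    """Allowlist model: flag every global that is not explicitly expected."""
    return [g for g in referenced_globals(data) if g not in ALLOWLIST]


if __name__ == "__main__":
    for label, sample in (("protocol 0", SAMPLE_V0), ("protocol 4", SAMPLE_V4)):
        print(label, "blocklist:", blocklist_hits(sample),
              "allowlist:", not_allowlisted(sample))
```

The scan uses pickletools.genops only, so the input is parsed opcode by opcode and never deserialized.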
Exploit
Fix
Deserialization of Untrusted Data
Weakness Enumeration
Related Identifiers
Affected Products
Picklescan