PT-2026-51383 · Picklescan · Picklescan

Ac0D3R

Published

2026-06-22

Updated

2026-06-22

CVE-2025-71339

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran. eval length gadget in pickle reduce methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded by victims who trust Picklescan's safety validation.

Fix

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

CVE-2025-71339

Affected Products

Picklescan

PT-2026-51383 · Picklescan · Picklescan

CVE-2025-71339

Weakness Enumeration

Related Identifiers

Affected Products

References · 3