CVE-2025-71342
picklescan - Undetected Remote Code Execution via idlelib.run.Executive.runcode
Vexday Risk Score
18Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.6EPSS —KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Ciclo de vida
04 jul 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.run.Executive.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes during pickle.load, enabling remote code execution in PyTorch models and supply chain attacks.
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Productos afectados
picklescan · picklescan