CVE-2025-71344
HIGH 7.6picklescan before 0.0.30 (affected versions 0.0.26 and earlier) fails to detect the ensurepip._run_pip built-in function when scanning pickle files, allowing attackers to execute arbitrary code. Malicious pickle files embedding ensurepip._run_pip calls in __reduce__ methods bypass picklescan detection and achieve remote code execution upon pickle.load() invocation.
ELEVATED IMPACT
Severe if exploited (CVSS 7.6), but no known exploitation and low modeled probability. Patch on a normal cadence.
Exploitation likelihood
0.4%chance of exploitation in 30 days · 29th percentile
○ In CISA KEV
○ Public exploit / PoC
Impact if exploited
7.6CVSS 4.0 · HIGH
- ConfidentialityHigh
- IntegrityHigh
- AvailabilityNone
What an attacker needs
- ✓Access: Reachable over the network — no local access needed
- ✓Privileges: No account or privileges required
- ⚠User interaction: Succeeds with passive user activity
- ✓Complexity: No special conditions — reliably repeatable
- ⚠Requirements: Specific conditions must be present
✓ lowers the bar for an attacker · ⚠ raises it
Weakness (CWE)
- CWE-502: Deserialization of untrusted data
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N