CVE-2025-71343

picklescan before 0.0.30 fails to detect malicious pickle files that exploit lib2to3.pgen2.pgen.ParserGenerator.make_label function in the reduce method. Attackers can craft malicious pickle files with embedded code that evades detection but executes arbitrary commands when pickle.load() is called.
Configurations

No configuration.

History

07 Jul 2026, 04:17

Type Values Removed Values Added
References () https://github.com/mmaitre314/picklescan/security/advisories/GHSA-p9w7-82w4-7q8m - () https://github.com/mmaitre314/picklescan/security/advisories/GHSA-p9w7-82w4-7q8m -

04 Jul 2026, 02:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-07-04 02:16

Updated : 2026-07-07 04:17


NVD link : CVE-2025-71343

Mitre link : CVE-2025-71343

CVE.ORG link : CVE-2025-71343


JSON object : View

Products Affected

No product.

CWE
CWE-502

Deserialization of Untrusted Data