CVE-2025-71353

picklescan before 0.0.28 fails to detect malicious pickle files that exploit torch._dynamo.guards.GuardBuilder.get function in reduce methods. Attackers can craft pickle files with embedded code that evades picklescan detection and executes arbitrary commands when loaded.
Configurations

No configuration.

History

06 Jul 2026, 15:16

Type Values Removed Values Added
References () https://github.com/mmaitre314/picklescan/security/advisories/GHSA-86cj-95qr-2p4f - () https://github.com/mmaitre314/picklescan/security/advisories/GHSA-86cj-95qr-2p4f -

04 Jul 2026, 02:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-07-04 02:16

Updated : 2026-07-06 18:19


NVD link : CVE-2025-71353

Mitre link : CVE-2025-71353

CVE.ORG link : CVE-2025-71353


JSON object : View

Products Affected

No product.

CWE
CWE-502

Deserialization of Untrusted Data