CVE-2025-71359

picklescan before 0.0.29 fails to detect malicious pickle payloads that utilize lib2to3.pgen2.grammar.Grammar.loads in the reduce method, allowing remote code execution. Attackers can craft pickle files embedding dangerous code that evades picklescan detection and executes during pickle.load() deserialization.
Configurations

No configuration.

History

06 Jul 2026, 17:16

Type Values Removed Values Added
References () https://github.com/mmaitre314/picklescan/security/advisories/GHSA-f54q-57x4-jg88 - () https://github.com/mmaitre314/picklescan/security/advisories/GHSA-f54q-57x4-jg88 -

04 Jul 2026, 02:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-07-04 02:16

Updated : 2026-07-06 18:19


NVD link : CVE-2025-71359

Mitre link : CVE-2025-71359

CVE.ORG link : CVE-2025-71359


JSON object : View

Products Affected

No product.

CWE
CWE-502

Deserialization of Untrusted Data