CVE-2025-71366

picklescan before 0.0.28 fails to detect malicious torch.utils.bottleneck.__main__.run_cprofile function calls in pickle files, allowing attackers to bypass safety checks. Remote attackers can embed undetected code in pickle files to achieve arbitrary code execution when victims load the files.
Configurations

No configuration.

History

06 Jul 2026, 15:16

Type Values Removed Values Added
References () https://github.com/mmaitre314/picklescan/security/advisories/GHSA-4r9r-ch6f-vxmx - () https://github.com/mmaitre314/picklescan/security/advisories/GHSA-4r9r-ch6f-vxmx -

04 Jul 2026, 02:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-07-04 02:16

Updated : 2026-07-06 18:19


NVD link : CVE-2025-71366

Mitre link : CVE-2025-71366

CVE.ORG link : CVE-2025-71366


JSON object : View

Products Affected

No product.

CWE
CWE-502

Deserialization of Untrusted Data