CVE-2025-71369

picklescan before 0.0.28 fails to detect malicious pickle files that use torch.utils.data.datapipes.utils.decoder.basichandlers in reduce methods, allowing attackers to bypass safety checks. Remote attackers can embed undetected malicious code in pickle files that executes during deserialization, enabling remote code execution.
Configurations

No configuration.

History

06 Jul 2026, 17:16

Type Values Removed Values Added
References () https://github.com/mmaitre314/picklescan/security/advisories/GHSA-h3qp-7fh3-f8h4 - () https://github.com/mmaitre314/picklescan/security/advisories/GHSA-h3qp-7fh3-f8h4 -

04 Jul 2026, 02:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-07-04 02:16

Updated : 2026-07-06 18:19


NVD link : CVE-2025-71369

Mitre link : CVE-2025-71369

CVE.ORG link : CVE-2025-71369


JSON object : View

Products Affected

No product.

CWE
CWE-502

Deserialization of Untrusted Data