CVE-2025-71372

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.getlincoef gadget in pickle __reduce__ methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded, bypassing Picklescan's safety checks and enabling supply-chain poisoning of shared model files.
Configurations

No configuration.

History

07 Jul 2026, 04:17

Type Values Removed Values Added
References () https://github.com/mmaitre314/picklescan/security/advisories/GHSA-rrxm-2pvv-m66x - () https://github.com/mmaitre314/picklescan/security/advisories/GHSA-rrxm-2pvv-m66x -

04 Jul 2026, 02:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-07-04 02:16

Updated : 2026-07-07 04:17


NVD link : CVE-2025-71372

Mitre link : CVE-2025-71372

CVE.ORG link : CVE-2025-71372


JSON object : View

Products Affected

No product.

CWE
CWE-502

Deserialization of Untrusted Data