CVE-2025-71373

picklescan before 0.0.33 fails to detect operator.methodcaller function calls in pickle files, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle payloads using operator.methodcaller that execute arbitrary code when loaded, compromising systems relying on picklescan for validation.
Configurations

No configuration.

History

06 Jul 2026, 19:16

Type Values Removed Values Added
References () https://github.com/mmaitre314/picklescan/security/advisories/GHSA-x843-g5mx-g377 - () https://github.com/mmaitre314/picklescan/security/advisories/GHSA-x843-g5mx-g377 -

04 Jul 2026, 02:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-07-04 02:16

Updated : 2026-07-06 19:16


NVD link : CVE-2025-71373

Mitre link : CVE-2025-71373

CVE.ORG link : CVE-2025-71373


JSON object : View

Products Affected

No product.

CWE
CWE-693

Protection Mechanism Failure