picklescan before 0.0.33 fails to detect operator.methodcaller function calls in pickle files, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle payloads using operator.methodcaller that execute arbitrary code when loaded, compromising systems relying on picklescan for validation.
References
Configurations
No configuration.
History
06 Jul 2026, 19:16
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/mmaitre314/picklescan/security/advisories/GHSA-x843-g5mx-g377 - |
04 Jul 2026, 02:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-07-04 02:16
Updated : 2026-07-06 19:16
NVD link : CVE-2025-71373
Mitre link : CVE-2025-71373
CVE.ORG link : CVE-2025-71373
JSON object : View
Products Affected
No product.
CWE
CWE-693
Protection Mechanism Failure
