CVE-2025-71375

picklescan before 0.0.34 fails to detect the _operator.methodcaller built-in function when scanning pickle files for malicious code. Attackers can craft malicious pickle payloads using _operator.methodcaller that evade detection and execute arbitrary code when loaded by pickle.load().
Configurations

No configuration.

History

07 Jul 2026, 18:16

Type Values Removed Values Added
References () https://github.com/mmaitre314/picklescan/security/advisories/GHSA-955r-x9j8-7rhh - () https://github.com/mmaitre314/picklescan/security/advisories/GHSA-955r-x9j8-7rhh -

04 Jul 2026, 02:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-07-04 02:16

Updated : 2026-07-07 18:16


NVD link : CVE-2025-71375

Mitre link : CVE-2025-71375

CVE.ORG link : CVE-2025-71375


JSON object : View

Products Affected

No product.

CWE
CWE-502

Deserialization of Untrusted Data