216.73.216.133

CVE-2025-71359

· Published 04/07/2026 04:16 · Author: The MITRE Corporation

Labels: CVE-2025-71359

Essential information

Published
04/07/2026 04:16
Modified
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
8.1 HIGH (v3.1) 7.6 HIGH (v4.0)
CISA KEV
No
CWE
CWE-502
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CVSS metrics

Description

picklescan before 0.0.29 fails to detect malicious pickle payloads that utilize lib2to3.pgen2.grammar.Grammar.loads in the reduce method, allowing remote code execution. Attackers can craft pickle files embedding dangerous code that evades picklescan detection and executes during pickle.load() deserialization.

NVD status

NVD
View on NVD