CVE-2025-71356
HIGH SEVERITYCVSS Score & Metrics
Base Score
8.1 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Vulnerability Description
picklescan before 0.0.28 fails to detect malicious torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression function calls in pickle files. Attackers can embed undetected code in pickle files that executes remote code when loaded by victims.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-502
Source
NVD
Vendor
picklescan
Product
picklescan
Discussion (0)
Add Comment
No comments yet. Be the first!