CVE-2025-71373
HIGH SEVERITY
CVSS Score & Metrics
Base Score
8.1 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Vulnerability Description
picklescan before 0.0.33 fails to detect operator.methodcaller function calls in pickle files, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle payloads using operator.methodcaller that execute arbitrary code when loaded, compromising systems relying on picklescan for validation.
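The detection gap described above, as an added example (not picklescan's own code): a static scanner that lists the globals a pickle imports without loading it, run against a denylist with and without the `operator.methodcaller` entry. The denylist contents, function names and the benign sample pickle are assumptions constructed for illustration.

```python
import operator
import pickle
import pickletools

# Illustrative denylists (assumed); not picklescan's real rule set.
DENYLIST_BEFORE = {("os", "system"), ("builtins", "eval"), ("builtins", "exec")}
DENYLIST_AFTER = DENYLIST_BEFORE | {("operator", "methodcaller")}

STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}
MEMO_STORE_OPS = {"MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"}
UNRESOLVED = (None, None)  # import whose name could not be read statically


def imported_globals(data):
    """Return every (module, name) the stream imports; the pickle is never loaded."""
    found = set()
    recent = []  # recent pushes: a str for string opcodes, None for anything else
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in ("GLOBAL", "INST"):
            # Protocols <= 3 carry "module name" inline in the opcode argument.
            found.add(tuple(arg.split(" ", 1)))
            recent.append(None)
        elif opcode.name in STRING_OPS:
            recent.append(arg)
        elif opcode.name == "STACK_GLOBAL":
            # Protocol 4+ takes module and name from the two preceding pushes.
            pair = tuple(recent[-2:])
            resolved = len(pair) == 2 and None not in pair
            found.add(pair if resolved else UNRESOLVED)
            recent.append(None)
        elif opcode.name not in MEMO_STORE_OPS:
            recent.append(None)  # unknown push: a later import resolves as UNRESOLVED
    return found


def scan(data, denylist):
    """Flag denylisted imports; fail closed on imports that cannot be resolved."""
    return {g for g in imported_globals(data) if g == UNRESOLVED or g in denylist}


# Constructed, benign sample: a pickled methodcaller object. It is only scanned.
SAMPLE = pickle.dumps(operator.methodcaller("upper"), protocol=4)

if __name__ == "__main__":
    print("imports:", imported_globals(SAMPLE))
    print("denylist without the entry:", scan(SAMPLE, DENYLIST_BEFORE))
    print("denylist with the entry:", scan(SAMPLE, DENYLIST_AFTER))
```

A denylist scanner only reports what its list names, so validation of untrusted model files is stronger when it allowlists the expected imports and rejects everything else.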
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-693
Source
NVD
Vendor
picklescan
Product
picklescan