Description
picklescan before 0.0.33 contains an arbitrary file writing vulnerability that allows attackers to bypass the dangerous blocklist by using distutils.file_util.write_file. Attackers can construct malicious pickle objects to overwrite critical system files and achieve denial of service or remote code execution.
Published: 2026-06-17
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a bypass of picklescan's blocklist of dangerous functions: a pickle that uses distutils.file_util.write_file gets past it. An attacker can craft malicious pickle payloads to force the application to overwrite arbitrary files on the host, potentially destroying critical system files or installing malicious code. This flaw is a classic unsafe deserialization issue (CWE-502) and enables confidentiality, integrity, and availability compromise, including potential remote code execution.

Affected Systems

Picklescan, version 0.0.32 and earlier. The package prior to 0.0.33 contains the vulnerability; upgrades to 0.0.33 or later eliminate the affected code path.

Risk and Exploitability

The CVSS score of 9.3 places the flaw in the Critical severity range, but its EPSS score of less than 1% indicates a low current exploitation probability. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector involves the attacker sending a specially crafted pickle file to the vulnerable application, which then uses distutils.file_util.write_file to overwrite a target file, enabling denial of service or remote code execution. No additional conditions are mentioned, suggesting that authenticated or unauthenticated access to the deserialization endpoint would be sufficient if it exists.

Generated by OpenCVE AI on June 18, 2026 at 17:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Picklescan to version 0.0.33 or newer, which removes the vulnerable write_file bypass.
  • If the upgrade cannot be performed immediately, remove or disable the distutils.file_util.write_file function from the execution environment to prevent arbitrary file writes.
  • Ensure that only trusted pickle data is deserialized by implementing strict validation or by rejecting pickle payloads from untrusted sources.
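
The strict validation in the last item can be done as an allowlist rather than a blocklist, so that a function nobody thought to list (here distutils.file_util.write_file) is rejected by default. The following is an added example, not code from picklescan or OpenCVE; the allowlist contents, the function names and the sample bytes are assumptions made for illustration.

```python
import collections
import pickle
import pickletools

# Assumption: an allowlist chosen for this example; list only what your files need.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}
UNRESOLVED = ("<unresolved>", "<unresolved>")

def imported_globals(data: bytes) -> list:
    """List (module, name) pairs a pickle would import, without loading it."""
    found, strings = [], []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in ("GLOBAL", "INST"):
            # pickletools reports these as "module name" in one string.
            found.append(tuple(arg.split(" ", 1)))
        elif opcode.name == "STACK_GLOBAL":
            # Protocol 4+: module and name are the two preceding stack strings.
            pair = tuple(strings[-2:])
            found.append(pair if len(pair) == 2 and None not in pair else UNRESOLVED)
        elif opcode.name in ("GET", "BINGET", "LONG_BINGET"):
            strings.append(None)  # value comes from the memo; not resolved here
        elif isinstance(arg, str):
            strings.append(arg)
    return found

def disallowed_globals(data: bytes) -> list:
    """Globals outside the allowlist; unresolved names are always reported."""
    return [g for g in imported_globals(data) if g not in ALLOWED_GLOBALS]

# Constructed samples. The second only names the function from the advisory
# (GLOBAL then STOP); it carries no arguments and no call.
BENIGN = pickle.dumps(collections.OrderedDict(a=1), protocol=4)
NAMES_WRITE_FILE = b"cdistutils.file_util\nwrite_file\n."

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("names write_file", NAMES_WRITE_FILE)):
        bad = disallowed_globals(blob)
        print(label, "->", "reject: %s" % bad if bad else "accept")
```

The STACK_GLOBAL handling is a heuristic that reads the two most recent string constants; names fetched from the memo are reported as unresolved and therefore rejected rather than guessed.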

Advisories
Source: Github GHSA
ID: GHSA-m273-6v24-x4m4
Title: Picklescan vulnerable to Arbitrary File Writing

History

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Description: picklescan before 0.0.33 contains an arbitrary file writing vulnerability that allows attackers to bypass the dangerous blocklist by using distutils.file_util.write_file. Attackers can construct malicious pickle objects to overwrite critical system files and achieve denial of service or remote code execution.
Title: picklescan - Arbitrary File Writing via distutils Module Bypass
First Time appeared: Mmaitre314; Mmaitre314 picklescan
Weaknesses: CWE-502
CPEs: cpe:2.3:a:mmaitre314:picklescan:*:*:*:*:*:*:*:*
Vendors & Products: Mmaitre314; Mmaitre314 picklescan
References
Metrics:
cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
cvssV4_0: {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}
ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-17T18:12:17.635Z

Reserved: 2026-06-08T20:44:31.209Z

Link: CVE-2025-71321

Vulnrichment

Updated: 2026-06-17T18:00:38.418Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T22:15:03Z

Weaknesses
  • CWE-502: Deserialization of Untrusted Data