Description
picklescan before 0.0.25 fails to detect malicious pickle files that use timeit.timeit() in the __reduce__ method, allowing remote code execution. Attackers can craft pickle files that import dangerous libraries like os and execute arbitrary system commands, which evade picklescan detection and execute when pickle.load() is called.
Published: 2026-06-21
Score: 7.6 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability exists in picklescan prior to version 0.0.25, where the library fails to detect malicious pickle files that embed a call to timeit.timeit() within their __reduce__ method. When an attacker supplies such a pickle file and the application later invokes pickle.load(), the payload imports dangerous libraries such as os and executes arbitrary system commands, resulting in remote code execution.

Affected Systems

Affected products include the Python package picklescan maintained by mmaitre314. All releases earlier than version 0.0.25 are vulnerable, as the vulnerability description explicitly specifies this version boundary.

Risk and Exploitability

The CVSS score of 7.6 indicates a high level of risk; the EPSS score is not available, so exploitation probability cannot be quantified. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that attackers would need to provide crafted pickle data to an application that trusts picklescan for validation, making the attack vector local to systems that ingest pickle files from untrusted sources.

Generated by OpenCVE AI on June 21, 2026 at 16:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update picklescan to version 0.0.25 or later to fix the malicious pickle detection vulnerability.
  • Review any code that processes pickle files and replace insecure pickle.load() calls with safer alternatives such as pickle.safe_load() or custom deserialization logic.
  • Limit exposure by disabling or restricting untrusted pickle input to picklescan and enforce strict file type checks before deserialization.

Generated by OpenCVE AI on June 21, 2026 at 16:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 21 Jun 2026 15:00:00 +0000

Type Values Removed Values Added
Description picklescan before 0.0.25 fails to detect malicious pickle files that use timeit.timeit() in the __reduce__ method, allowing remote code execution. Attackers can craft pickle files that import dangerous libraries like os and execute arbitrary system commands, which evade picklescan detection and execute when pickle.load() is called.
Title picklescan - Remote Code Execution via timeit.timeit() Detection Bypass
First Time appeared Mmaitre314
Mmaitre314 picklescan
Weaknesses CWE-184
CPEs cpe:2.3:a:mmaitre314:picklescan:*:*:*:*:*:*:*:*
Vendors & Products Mmaitre314
Mmaitre314 picklescan
References
Metrics cvssV4_0

{'score': 7.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Mmaitre314 Picklescan
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-21T13:26:48.720Z

Reserved: 2026-06-20T12:48:06.735Z

Link: CVE-2025-71351

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-21T17:00:10Z

Weaknesses
  • CWE-184

    Incomplete List of Disallowed Inputs