VEXID-7662938
Published 2026-07-04 02:16:21
Last Modified 2026-07-04 02:16:21
AKA CVE-2025-71343
Summary picklescan before 0.0.30 fails to detect malicious pickle files that exploit lib2to3.pgen2.pgen.ParserGenerator.make_label function in the reduce method. Attackers can craft malicious pickle files with embedded code that evades detection but executes arbitrary commands when pickle.load() is called.
CVSS
Access Vector Local Adjacent Network
Access Complexity Low Medium High
Authentication None Single Multiple
Confidentiality None Partial Complete
Integrity None Partial Complete
Availability None Partial Complete