NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2025-71351

Summary	picklescan before 0.0.25 fails to detect malicious pickle files that use timeit.timeit() in the __reduce__ method, allowing remote code execution. Attackers can craft pickle files that import dangerous libraries like os and execute arbitrary system commands, which evade picklescan detection and execute when pickle.load() is called.
Publication Date	June 21, 2026, 11:16 p.m.
Registration Date	June 27, 2026, 4:08 a.m.
Last Update	June 23, 2026, 5:17 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/mmaitre314/picklescan/security/advisories/GHSA-v7x6-rv5q-mhwc	disclosure@vulncheck.com
2	https://www.vulncheck.com/advisories/picklescan-remote-code-execution-via-timeit-timeit-detection-bypass	disclosure@vulncheck.com
3	https://github.com/mmaitre314/picklescan/security/advisories/GHSA-v7x6-rv5q-mhwc	134c704f-9b21-4f2e-91b3-4a467353bcc0

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-184	不完全なブラックリスト	https://cwe.mitre.org/data/definitions/184.html