5 matches found
CVE-2025-67747 Fickling has missing detection for marshal.loads and types.FunctionType in unsafe modules list
Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 are missing marshal and types from the block list of unsafe module imports. Fickling started blocking both modules to address this issue. This allows an attacker to craft a malicious pickle file that can bypass...
CVE-2025-67747
CVE-2025-67747 concerns Fickling, a Python pickle analysis tool. Multiple sources document that versions prior to 0.1.6 did not include marshal and types in the unsafe-import blocklist, allowing a crafted pickle to bypass safety checks due to missing detections for marshal.loads and types.Functio...
EUVD-2025-203479
Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 are missing marshal and types from the block list of unsafe module imports. Fickling started blocking both modules to address this issue. This allows an attacker to craft a malicious pickle file that can bypass...
Fickling has missing detection for marshal.loads and types.FunctionType in unsafe modules list
Fickling Assessment: Based on the test case provided in the original report below, this bypass was caused by marshal and types missing from the block list of unsafe module imports; Fickling started blocking both modules to address this issue. This was fixed in...
GHSA-565G-HWWR-4PP3 Fickling has missing detection for marshal.loads and types.FunctionType in unsafe modules list
Fickling Assessment: Based on the test case provided in the original report below, this bypass was caused by marshal and types missing from the block list of unsafe module imports; Fickling started blocking both modules to address this issue. This was fixed in...