8 matches found
CVE-2025-71349 picklescan - Arbitrary Code Execution via Undetected trace.Trace.run in Pickle Files
picklescan before 0.0.29 fails to detect the built-in trace.Trace.run function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using trace.Trace.run in the reduce method to achieve arbitrary code execution when...
EUVD-2025-210294
picklescan before 0.0.30 fails to detect cProfile.runctx function calls in pickle file reduce methods, allowing attackers to execute arbitrary code. Malicious pickle files bypass picklescan detection and execute remote code when loaded via pickle.load...
CVE-2025-71348
CVE-2025-71348 affects the picklescan utility (pre-0.0.28) where malicious pickle payloads can invoke torch.utils._config_module.load_config during unpickling, bypassing detection and enabling remote code execution in supply-chain contexts. Documents describe a bypass in reduce methods that allow...
GHSA-97F8-7CMV-76J2 Picklescan (scan_pytorch) Bypass via dynamic eval MAGIC_NUMBER
Summary This is a scanning bypass to scanpytorch function in picklescan. As we can see in the implementation of getmagicnumber that uses pickletools.genopsdata to get the magicnumber with the condition opcode.name includes INT or LONG, but the PyTorch's implemtation simply uses picklemodule.load ...
GHSA-J343-8V2J-FF7W Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcommand
Summary Using idlelib.pyshell.ModifiedInterpreter.runcommand function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to...
GHSA-H3QP-7FH3-F8H4 Picklescan missing detection when calling pytorch function torch.utils.data.datapipes.utils.decoder.basichandlers
Summary Using torch.utils.data.datapipes.utils.decoder.basichandlers function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to...
GHSA-F4X7-RFWP-V3XW Picklescan missing detection when calling pytorch function torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression
Summary Using torch.fx.experimental.symbolicshapes.ShapeEnv.evaluateguardsexpression function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to...
GHSA-655Q-FX9R-782V Picklescan Allows Remote Code Execution via Malicious Pickle File Bypassing Static Analysis
CVE-2025-1716 Summary An unsafe deserialization vulnerability in Python’s pickle module allows an attacker to bypass static analysis tools like Picklescan and execute arbitrary code during deserialization. This can be exploited to run pip install and fetch a malicious package, enabling remote cod...