Lucene search
K

4 matches found

NVD
NVD
added 2026/06/21 2:16 p.m.16 views

CVE-2025-71351

picklescan before 0.0.25 fails to detect malicious pickle files that use timeit.timeit in the reduce method, allowing remote code execution. Attackers can craft pickle files that import dangerous libraries like os and execute arbitrary system commands, which evade picklescan detection and execute...

7.6CVSS0.00418EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/21 1:26 p.m.29 views

CVE-2025-71351 picklescan - Remote Code Execution via timeit.timeit() Detection Bypass

picklescan before 0.0.25 fails to detect malicious pickle files that use timeit.timeit in the reduce method, allowing remote code execution. Attackers can craft pickle files that import dangerous libraries like os and execute arbitrary system commands, which evade picklescan detection and execute...

7.6CVSS0.00418EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/21 1:26 p.m.4 views

CVE-2025-71351

picklescan before 0.0.25 fails to detect malicious pickle files that use timeit.timeit in the reduce method, allowing remote code execution. Attackers can craft pickle files that import dangerous libraries like os and execute arbitrary system commands, which evade picklescan detection and execute...

7.6CVSS6.4AI score0.00418EPSS
Exploits0References3
CVE
CVE
added 2026/06/21 1:26 p.m.8 views

CVE-2025-71351

CVE-2025-71351 affects picklescan prior to version 0.0.25. The vulnerability arises because timeit.timeit() calls used in the reduce method are not detected by the tool, allowing crafted pickle payloads to bypass detection and trigger remote code execution when pickle.load() is performed. Attacke...

7.6CVSS6.4AI score0.00418EPSS
Exploits0References2
Rows per page
Query Builder