CVE-2025-71359 - picklescan - Unsafe Deserialization via lib2to3.pgen2.grammar.Grammar.loads
CVE ID :CVE-2025-71359
Published : July 4, 2026, 2:16 a.m. | 4 hours, 28 minutes ago
Description :picklescan before 0.0.29 fails to detect malicious pickle payloads that utilize lib2to3.pgen2.grammar.Grammar.loads in the reduce method, allowing remote code execution. Attackers can craft pickle files embedding dangerous code that evades picklescan detection and executes during pickle.load() deserialization.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Published : July 4, 2026, 2:16 a.m. | 4 hours, 28 minutes ago
Description :picklescan before 0.0.29 fails to detect malicious pickle payloads that utilize lib2to3.pgen2.grammar.Grammar.loads in the reduce method, allowing remote code execution. Attackers can craft pickle files embedding dangerous code that evades picklescan detection and executes during pickle.load() deserialization.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...