picklescan <0.0.30 cProfile.runctx Detection Bypass RCE: CVE-2025-71378 June 2026

picklescan - Remote Code Execution via Undetected cProfile.runctx in Pickle Files
picklescan before 0.0.30 fails to detect cProfile.runctx function calls in pickle file reduce methods, allowing attackers to execute arbitrary code. Malicious pickle files bypass picklescan detection and execute remote code when loaded via pickle.load().

Vulnerability Analysis

CVE-2025-71378 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

REQUIRED

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

NONE

Weakness Type

What is a Marshaling, Unmarshaling Vulnerability?

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

CVE-2025-71378 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.

Products Associated with CVE-2025-71378

Want to know whenever a new CVE is published for Mmaitre314 Picklescan? stack.watch will email you.

picklescan <0.0.30 cProfile.runctx Detection Bypass RCE
CVE-2025-71378 Published on June 21, 2026

Vulnerability Analysis

Weakness Type

What is a Marshaling, Unmarshaling Vulnerability?

Products Associated with CVE-2025-71378

Affected Versions

picklescan <0.0.30 cProfile.runctx Detection Bypass RCECVE-2025-71378 Published on June 21, 2026

Vulnerability Analysis

Weakness Type

What is a Marshaling, Unmarshaling Vulnerability?

Products Associated with CVE-2025-71378

Affected Versions

picklescan <0.0.30 cProfile.runctx Detection Bypass RCE
CVE-2025-71378 Published on June 21, 2026