{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-71320", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-06-08T20:44:31.209Z", "datePublished": "2026-06-17T15:04:58.000Z", "dateUpdated": "2026-06-17T17:54:59.297Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-06-17T15:04:58.000Z"}, "datePublic": "2025-12-26T00:00:00.000Z", "title": "picklescan - Remote Code Execution via Incomplete Disallowed Inputs", "descriptions": [{"lang": "en", "value": "picklescan before 0.0.33 contains an incomplete deny-list that fails to block pydoc.locate and operator.methodcaller functions, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using these unblocked functions to achieve arbitrary code execution when the pickle is deserialized."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Incomplete List of Disallowed Inputs", "cweId": "CWE-184", "type": "CWE"}]}], "affected": [{"vendor": "picklescan", "product": "picklescan", "defaultStatus": "unaffected", "packageURL": "pkg:pypi/picklescan", "versions": [{"version": "0", "status": "affected", "versionType": "semver", "lessThan": "0.0.33"}, {"version": "0.0.33", "status": "unaffected", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:mmaitre314:picklescan:*:*:*:*:*:*:*:*", "versionEndExcluding": "0.0.33"}]}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-84r2-jw7c-4r5q", "name": "GHSA Advisory GHSA-84r2-jw7c-4r5q", "tags": ["vendor-advisory"]}, {"name": "VulnCheck Advisory: picklescan - Remote Code Execution via Incomplete Disallowed Inputs", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/picklescan-remote-code-execution-via-incomplete-disallowed-inputs"}], "credits": [{"lang": "en", "value": "0x-Apollyon", "type": "reporter"}], "x_generator": {"engine": "vulncheck-endgame"}}, "adp": [{"references": [{"url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-84r2-jw7c-4r5q", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-17T17:51:20.098816Z", "id": "CVE-2025-71320", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-17T17:54:59.297Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-71320", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-06-17T17:51:20.098816Z"}}}], "references": [{"url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-84r2-jw7c-4r5q", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-17T17:51:10.887Z"}}], "cna": {"title": "picklescan - Remote Code Execution via Incomplete Disallowed Inputs", "credits": [{"lang": "en", "type": "reporter", "value": "0x-Apollyon"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "picklescan", "product": "picklescan", "versions": [{"status": "affected", "version": "0", "lessThan": "0.0.33", "versionType": "semver"}, {"status": "unaffected", "version": "0.0.33", "versionType": "semver"}], "packageURL": "pkg:pypi/picklescan", "defaultStatus": "unaffected"}], "datePublic": "2025-12-26T00:00:00.000Z", "references": [{"url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-84r2-jw7c-4r5q", "name": "GHSA Advisory GHSA-84r2-jw7c-4r5q", "tags": ["vendor-advisory"]}, {"url": "https://www.vulncheck.com/advisories/picklescan-remote-code-execution-via-incomplete-disallowed-inputs", "name": "VulnCheck Advisory: picklescan - Remote Code Execution via Incomplete Disallowed Inputs", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck-endgame"}, "descriptions": [{"lang": "en", "value": "picklescan before 0.0.33 contains an incomplete deny-list that fails to block pydoc.locate and operator.methodcaller functions, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using these unblocked functions to achieve arbitrary code execution when the pickle is deserialized."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-184", "description": "Incomplete List of Disallowed Inputs"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mmaitre314:picklescan:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "0.0.33"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-06-17T15:04:58.000Z"}}}, "cveMetadata": {"cveId": "CVE-2025-71320", "state": "PUBLISHED", "dateUpdated": "2026-06-17T17:54:59.297Z", "dateReserved": "2026-06-08T20:44:31.209Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-06-17T15:04:58.000Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{}

{}