{"data":{"id":"292fff7e-25c3-4354-a91e-1fceadf3d021","title":"CVE-2025-71342: picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.run.Executive.runcode in reduce methods. A","summary":"picklescan (a tool for detecting malicious code in pickle files, which are Python serialized objects) before version 0.0.30 has a vulnerability that allows attackers to hide malicious code in pickle files using a specific method (idlelib.run.Executive.runcode in reduce methods). When these files are loaded using pickle.load, the hidden code executes automatically, enabling RCE (remote code execution) and potential supply chain attacks on systems using PyTorch models.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-71342","publishedAt":"2026-07-04T02:16:21.387Z","cveId":"CVE-2025-71342","cweIds":["CWE-502"],"cvssScore":"8.1","cvssSeverity":"high","severity":"high","attackType":["model_poisoning","supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["PyTorch"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"required","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-07-04T02:16:21.387Z","capecIds":["CAPEC-586"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"training_data","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":["AML.T0010"]}}