{"data":{"id":"6a8748f3-bd52-48a4-8336-8822c5ed1af3","title":"CVE-2025-71372: Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.getlincoef gadget in pickle __reduce__ methods, all","summary":"Picklescan (a security tool that checks pickle files, which are Python files that serialize and deserialize objects) before version 0.0.33 fails to detect a specific dangerous code gadget called numpy.f2py.crackfortran.getlincoef that can hide in pickle __reduce__ methods (special functions that control how objects are reconstructed). This allows attackers to create malicious pickle files that execute arbitrary code when opened, potentially compromising shared model files in supply chains.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-71372","publishedAt":"2026-07-04T02:16:23.097Z","cveId":"CVE-2025-71372","cweIds":["CWE-502"],"cvssScore":"8.1","cvssSeverity":"high","severity":"high","attackType":["model_poisoning","supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["Picklescan","numpy"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"required","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-07-04T02:16:23.097Z","capecIds":["CAPEC-586"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"training_data","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":["AML.T0010"]}}