CVE-2025-71340: picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode
Summary
picklescan (a tool that checks whether pickle files, Python's serialization format, are safe to load) through version 0.0.26 fails to detect malicious pickle files that use a hidden code-execution technique via idlelib.pyshell.ModifiedInterpreter.runcode. An attacker can hide dangerous code in a pickle file so that it runs when the file is loaded, potentially compromising PyTorch models and other saved Python objects in supply-chain attacks (attacks that compromise software as it is distributed).
Solution / Mitigation
This is fixed in version 0.0.30. Upgrade picklescan to version 0.0.30 or later.
Vulnerability Details
Severity: 8.1 (High)
EPSS: 0.0%
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Attack vector: network
Attack complexity: low
Privileges required: none
User interaction: required
June 25, 2026
Classification
Taxonomy References
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-71340
First tracked: June 25, 2026 at 08:13 PM
Classified by LLM (prompt v3) · confidence: 85%