CVE-2025-71342 - CERT CVE
ID CVE-2025-71342
Sažetak picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.run.Executive.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes during pickle.load, enabling remote code execution in PyTorch models and supply chain attacks.
Reference
CVSS
Base: 8.1
Impact: 5.2
Exploitability:2.8
Pristup
VektorSloženostAutentikacija
NETWORK LOW NONE
Impact
PovjerljivostCjelovitostDostupnost
HIGH HIGH NONE
CVSS vektor CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Zadnje važnije ažuriranje 04-07-2026 - 02:16
Objavljeno 04-07-2026 - 02:16