CVE-2025-71363 - CERT CVE
ID CVE-2025-71363
Sažetak picklescan before 0.0.30 fails to detect cProfile.run function calls in pickle reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with cProfile.run payloads that bypass picklescan detection and achieve code execution upon deserialization.
Reference
CVSS
Base: 8.1
Impact: 5.2
Exploitability:2.8
Pristup
VektorSloženostAutentikacija
NETWORK LOW NONE
Impact
PovjerljivostCjelovitostDostupnost
HIGH HIGH NONE
CVSS vektor CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Zadnje važnije ažuriranje 01-07-2026 - 18:21
Objavljeno 30-06-2026 - 23:16