CVE-2025-71375 - CERT CVE
ID CVE-2025-71375
Sažetak picklescan before 0.0.34 fails to detect the _operator.methodcaller built-in function when scanning pickle files for malicious code. Attackers can craft malicious pickle payloads using _operator.methodcaller that evade detection and execute arbitrary code when loaded by pickle.load().
Reference
CVSS
Base: 8.1
Impact: 5.2
Exploitability:2.8
Pristup
VektorSloženostAutentikacija
NETWORK LOW NONE
Impact
PovjerljivostCjelovitostDostupnost
HIGH HIGH NONE
CVSS vektor CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Zadnje važnije ažuriranje 04-07-2026 - 02:16
Objavljeno 04-07-2026 - 02:16