CVE-2025-71362: picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py.crackfortran functions call eval on...
HIGH
CVSS 8.1
Exploit Available
Published: July 4, 2026 | Last Modified: July 4, 2026
Description
picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py.crackfortran functions call eval on arbitrary strings. Attackers can embed malicious code in pickle files that executes when loaded from untrusted sources.
Ghostwire Analysis — What This Means Practically
- High CVSS score indicates significant risk — exploitation could lead to substantial data exposure or system compromise.
- Exploit code is reported to be available, increasing the likelihood of active exploitation.
This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.
References