HIGHVulnerability
Verified
Global
NVD HIGH: CVE-2025-71361 — picklescan before 0.0.29 fails to detect malicious idlelib.calltip.Calltip.fetch...
·Source: NIST NVD
Updated:
Executive Summary
picklescan before 0.0.29 fails to detect malicious idlelib.calltip.Calltip.fetch_tip calls in pickle files, allowing remote code execution. Attackers can embed undetected payloads in pickle files that execute arbitrary code when loaded via pickle.load().
Analysis
picklescan before 0.0.29 fails to detect malicious idlelib.calltip.Calltip.fetch_tip calls in pickle files, allowing remote code execution. Attackers can embed undetected payloads in pickle files that execute arbitrary code when loaded via pickle.load(). CVSS Score: 8.1. Published: 2026-06-24T13:16:30.543.