HIGH Vulnerability
Verified
Global

NVD HIGH: CVE-2025-71361 — picklescan before 0.0.29 fails to detect malicious idlelib.calltip.Calltip.fetch...

Source: NIST NVD

Executive Summary

picklescan before 0.0.29 fails to detect malicious idlelib.calltip.Calltip.fetch_tip calls in pickle files, allowing remote code execution. Attackers can embed undetected payloads in pickle files that execute arbitrary code when loaded via pickle.load().

Analysis

CVSS Score: 8.1. Published: 2026-06-24T13:16:30.543.
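The scanner miss described in the summary is a denylist gap, so the following added example (not code from NVD or from picklescan) lists the globals a pickle would import by reading its opcodes without loading it, then compares a denylist verdict with an allowlist verdict. It goes beyond the single callable in the advisory by covering both the `GLOBAL` and `STACK_GLOBAL` encodings; `ALLOWED`, `OLD_DENYLIST` and the sample byte strings are assumptions made for the illustration.

```python
import collections
import pickle
import pickletools

# Assumed policy for this example: the only globals a trusted pickle may import.
ALLOWED = {("collections", "OrderedDict")}
# Illustrative denylist (not picklescan's real list) that predates the advisory.
OLD_DENYLIST = {("os", "system"), ("builtins", "eval"), ("builtins", "exec")}

STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}
NO_PUSH = {"PROTO", "FRAME", "MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"}

def imported_globals(data):
    """List the (module, name) pairs a pickle would import, without loading it."""
    found, top = [], []  # top: recent pushes, None when not a literal string
    for op, arg, _pos in pickletools.genops(data):
        if op.name in NO_PUSH:
            continue
        if op.name in ("GLOBAL", "INST"):  # protocol 0-3: "module name" argument
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":  # protocol 4+: two strings on the stack
            pair = tuple(top[-2:])
            resolved = len(pair) == 2 and None not in pair
            found.append(pair if resolved else ("?", "?"))  # unresolved fails closed
        top.append(arg if op.name in STRING_OPS else None)
    return found

def violations(data):
    """Allowlist check: every import not explicitly permitted is reported."""
    return [g for g in imported_globals(data) if g not in ALLOWED]

def denylist_hits(data):
    """Denylist check: only imports someone already thought of are reported."""
    return [g for g in imported_globals(data) if g in OLD_DENYLIST]

def _push(text):  # SHORT_BINUNICODE: opcode, 1-byte length, UTF-8 bytes
    return b"\x8c" + bytes([len(text)]) + text.encode()

# Constructed samples. The last two only name the global from the advisory and
# then stop; they carry no call and are never passed to pickle.load().
BENIGN = pickle.dumps(collections.OrderedDict(a=1), protocol=4)
REFERENCE_ONLY = (b"\x80\x04" + _push("idlelib.calltip")
                  + _push("Calltip.fetch_tip") + b"\x93.")
LEGACY_FORM = b"cidlelib.calltip\nCalltip.fetch_tip\n."

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN), ("stack_global", REFERENCE_ONLY),
                        ("global", LEGACY_FORM)]:
        print(label, "denylist:", denylist_hits(blob), "allowlist:", violations(blob))
```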

Indicators of Compromise (1)

CVE (1)
CVE-2025-71361

Source Attribution

Originally published by NIST NVD on Jun 24, 2026. Verified by: NIST.
