cvedb.io
CVE-2025-71362
HIGH · CVSS 8.1
EPSS exploitation probability: 0%
Published 2026-07-04T02:16:22.457 · Last modified 2026-07-04T02:16:22.457

Summary

picklescan before 0.0.33 fails to detect unsafe deserialization when a pickle file invokes functions in numpy.f2py.crackfortran that pass their string argument to eval. picklescan looks for references to known-dangerous callables, and these crackfortran functions were not treated as such, so a pickle that references one of them with an attacker-chosen string is reported as safe even though the string is evaluated as Python code when the file is loaded. An attacker who can get a victim to load a pickle from an untrusted source therefore obtains code execution on the loading host despite a clean scan; upgrading to picklescan 0.0.33 or later restores detection.
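The detection gap this advisory describes, shown with an added scanner example that is not picklescan's code: a minimal opcode walk over a pickle that lists every GLOBAL/STACK_GLOBAL import, once with a denylist of known-dangerous callables (a constructed, illustrative list) and once with a module allowlist. The denylist passes a pickle that REDUCEs a string into a function under numpy.f2py.crackfortran, while the allowlist flags it. The crackfortran function name eval_wrapper and the allowed-module list are placeholders, since the advisory names only the module; the pickles are built from raw opcodes and never loaded, so numpy need not be installed and the evaluated string is a harmless expression.

```python
"""Pickle opcode scan illustrating why a denylist of known-bad import targets
misses an eval gadget in numpy.f2py.crackfortran, while a module allowlist
catches it. Pickles are built by hand and never loaded, so numpy is not needed."""
import pickle
import pickletools
import struct

# Exact (module, name) pairs a denylist-style scanner flags. Illustrative set,
# constructed for this example; not picklescan's real list.
DENYLIST = {
    ("builtins", "eval"), ("builtins", "exec"), ("builtins", "__import__"),
    ("os", "system"), ("posix", "system"), ("subprocess", "Popen"),
}

# Modules a hypothetical model-loading service legitimately needs (assumed).
ALLOWED_MODULES = ("collections", "numpy._core", "numpy.core", "torch")

# Stand-in for the crackfortran function that evals its argument; the advisory
# does not name it, and only the module path matters to the scanners below.
GADGET_MODULE, GADGET_NAME = "numpy.f2py.crackfortran", "eval_wrapper"


def imported_globals(data: bytes):
    """Yield (module, name) for every GLOBAL or STACK_GLOBAL opcode in a pickle.

    STACK_GLOBAL (protocol 4+) takes module and name from the two most recently
    pushed strings, so string arguments are tracked as they appear.
    """
    strings = []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)   # pickletools joins them with a space
            yield module, name
        elif op.name == "STACK_GLOBAL":
            if len(strings) < 2:
                raise ValueError("malformed STACK_GLOBAL")
            name, module = strings.pop(), strings.pop()
            yield module, name
        elif isinstance(arg, str):
            strings.append(arg)


def denylist_scan(data: bytes) -> list:
    """Flag only exact denylisted pairs: misses any gadget not on the list."""
    return [f"{m}.{n}" for m, n in imported_globals(data) if (m, n) in DENYLIST]


def allowlist_scan(data: bytes) -> list:
    """Flag denylisted pairs and any import from a module not explicitly allowed."""
    findings = []
    for m, n in imported_globals(data):
        allowed = any(m == a or m.startswith(a + ".") for a in ALLOWED_MODULES)
        if (m, n) in DENYLIST or not allowed:
            findings.append(f"{m}.{n}")
    return findings


def reduce_pickle(module: str, name: str, text: str, protocol: int = 2) -> bytes:
    """Construct a pickle whose load would call module.name(text) via REDUCE.

    Written from raw opcodes so nothing is imported while building it.
    """
    enc = text.encode("utf-8")
    if protocol == 2:
        return (pickle.PROTO + b"\x02"
                + pickle.GLOBAL + module.encode() + b"\n" + name.encode() + b"\n"
                + pickle.BINUNICODE + struct.pack("<I", len(enc)) + enc
                + pickle.TUPLE1 + pickle.REDUCE + pickle.STOP)

    def short_unicode(s: str) -> bytes:
        b = s.encode("utf-8")
        return pickle.SHORT_BINUNICODE + bytes([len(b)]) + b

    return (pickle.PROTO + b"\x04"
            + short_unicode(module) + short_unicode(name) + pickle.STACK_GLOBAL
            + short_unicode(text) + pickle.TUPLE1 + pickle.REDUCE + pickle.STOP)


def f2py_gadget_pickle(text: str, protocol: int = 2) -> bytes:
    """A pickle that routes `text` into the crackfortran eval gadget."""
    return reduce_pickle(GADGET_MODULE, GADGET_NAME, text, protocol)


def benign_pickle() -> bytes:
    """An ordinary data pickle with no imports, used as a control."""
    return pickle.dumps({"weights": [0.1, 0.2], "epochs": 3})


if __name__ == "__main__":
    samples = [("benign", benign_pickle()),
               ("builtins.eval", reduce_pickle("builtins", "eval", "2 + 2")),
               ("f2py gadget, proto 2", f2py_gadget_pickle("2 + 2")),
               ("f2py gadget, proto 4", f2py_gadget_pickle("2 + 2", protocol=4))]
    for label, blob in samples:
        print(f"{label:22} denylist={denylist_scan(blob)!s:<18} allowlist={allowlist_scan(blob)}")
```

The denylist catches the textbook builtins.eval reference but returns nothing for either encoding of the crackfortran gadget, which is the shape of the bypass described above; the allowlist treats every import outside the expected modules as a finding and so does not depend on knowing the gadget in advance. A clean scan from any opcode scanner is evidence, not proof, that a pickle is safe to load, so the fix for this advisory (picklescan 0.0.33 or later) should be paired with loading only from trusted sources.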

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.