// vulnerability record
CVE-2025-71372
cached · NVD via COSMOS sync
severity: HIGH · published 2026-07-04 02:16 UTC
CVSS 7.6 / 10
// description
Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.getlincoef gadget when it appears as the callable in a pickle's __reduce__ output. A crafted pickle that references this function passes Picklescan's safety checks, yet executes attacker-controlled Python when the file is unpickled, so the scanner reports a malicious file as clean. Because machine-learning model files are frequently distributed as pickles, this allows supply-chain poisoning of shared model files. Upgrade to Picklescan 0.0.33 or later; a scanner that only denylists known gadgets will keep missing new ones, so treat a clean scan as necessary but not sufficient before loading an untrusted pickle.
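The following is an added example, not Picklescan's own code, showing why a denylist-style scanner misses a gadget it has no signature for and how an allowlist of permitted imports fails closed instead. The sample payload is hand-assembled from pickle opcodes so numpy is not required, and it is only parsed with pickletools, never loaded. The names build_reduce_pickle, list_imports, denylist_scan, allowlist_scan, KNOWN_GADGETS and SAFE_IMPORTS are assumptions of this example; the denylist deliberately lacks the numpy entry to reproduce the miss the record describes.

```python
import collections
import pickle
import pickletools

# Added example (not picklescan's code): a static pickle import scanner built
# on pickletools.genops. It parses opcodes only and never calls pickle.load,
# so the constructed payload is inspected without being executed.

STRING_OPS = {"UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def build_reduce_pickle(module: str, name: str, arg: str) -> bytes:
    """Hand-assemble the protocol-2 opcode sequence a __reduce__ method
    produces: GLOBAL module.name, one string argument, TUPLE1, REDUCE.
    Constructed sample; it is only ever parsed here."""
    arg_b = arg.encode("utf-8")
    return (
        pickle.PROTO + b"\x02"
        + pickle.GLOBAL + module.encode("ascii") + b"\n" + name.encode("ascii") + b"\n"
        + pickle.BINUNICODE + len(arg_b).to_bytes(4, "little") + arg_b
        + pickle.TUPLE1
        + pickle.REDUCE
        + pickle.STOP
    )


def benign_sample() -> bytes:
    """Constructed benign pickle (protocol 4, uses STACK_GLOBAL)."""
    return pickle.dumps(collections.OrderedDict(weight=1), protocol=4)


def list_imports(data: bytes) -> list[tuple[str, str]]:
    """Return every (module, name) the pickle would import via GLOBAL
    (protocols 0-3) or STACK_GLOBAL (protocol 4+)."""
    imports: list[tuple[str, str]] = []
    recent_strings: list[str] = []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)  # pickletools renders "module name"
            imports.append((module, name))
        elif op.name == "STACK_GLOBAL":
            # Protocol 4+ pushes module and name as the two preceding strings.
            if len(recent_strings) < 2:
                raise ValueError("STACK_GLOBAL without module/name strings")
            imports.append((recent_strings[-2], recent_strings[-1]))
        elif op.name in STRING_OPS:
            recent_strings.append(arg)
    return imports


# Illustrative denylist (assumed for this example, not picklescan's list).
# It lacks the numpy.f2py entry, so the miss in the record is reproduced.
KNOWN_GADGETS = {("os", "system"), ("builtins", "eval"), ("subprocess", "Popen")}

# Imports a particular loader is known to need (assumed for this example).
SAFE_IMPORTS = {("collections", "OrderedDict"), ("torch._utils", "_rebuild_tensor_v2")}


def denylist_scan(data: bytes) -> list[tuple[str, str]]:
    """Flag only imports matching a known-bad signature: fails open."""
    return [imp for imp in list_imports(data) if imp in KNOWN_GADGETS]


def allowlist_scan(data: bytes) -> list[tuple[str, str]]:
    """Flag any import not explicitly permitted: fails closed."""
    return [imp for imp in list_imports(data) if imp not in SAFE_IMPORTS]


if __name__ == "__main__":
    payload = build_reduce_pickle("numpy.f2py.crackfortran", "getlincoef", "1")
    print("denylist :", denylist_scan(payload))    # [] -> the gadget slips through
    print("allowlist:", allowlist_scan(payload))   # [('numpy.f2py.crackfortran', 'getlincoef')]
    print("benign   :", allowlist_scan(benign_sample()))  # []
```

The allowlist has to be maintained per loader (a PyTorch checkpoint needs a different set from a scikit-learn estimator), which is the cost of failing closed; the denylist is cheaper to ship and is exactly what lets an unlisted gadget through.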
// weaknesses (CWE)
- CWE-502: Deserialization of Untrusted Data