What is CVE-2025-71323?

CVE-2025-71323 is a critical-severity vulnerability in Picklescan, classified under Incomplete List of Disallowed Inputs. CVSS score: 9.8/10. Published 2026-06-17.

How severe is CVE-2025-71323?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Vulnerability in Picklescan

CVE-2025-71323

picklescan before 0.0.33 fails to block the ctypes module, allowing attackers to achieve remote code execution by invoking direct syscalls and accessing raw memory. Attackers can craft malicious pickle files using ctypes.WinDLL to load ker…

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Picklescan — versions 0, 0.0.33

Weakness classification (CWE)

CWE-184 — Incomplete List of Disallowed Inputs

References

disclosure@vulncheck.com (vendor-advisory)
disclosure@vulncheck.com (third-party-advisory)

Frequently asked questions

What is CVE-2025-71323?: CVE-2025-71323 is a critical-severity vulnerability in Picklescan, classified under Incomplete List of Disallowed Inputs. CVSS score: 9.8/10. Published 2026-06-17.
How severe is CVE-2025-71323?: Critical severity. CVSS v3 base score is 9.8 out of 10.