What is CVE-2025-71361?

CVE-2025-71361 is a high-severity vulnerability in Picklescan, classified under Eval Injection. CVSS score: 8.1/10. Published 2026-06-24.

How severe is CVE-2025-71361?

High severity. CVSS v3 base score is 8.1 out of 10.

RCE in Picklescan

CVE-2025-71361

picklescan before 0.0.29 fails to detect malicious idlelib.calltip.Calltip.fetch_tip calls in pickle files, allowing remote code execution. Attackers can embed undetected payloads in pickle files that execute arbitrary code when loaded via…

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N.

Affected products

Picklescan — versions 0, 0.0.29

Weakness classification (CWE)

CWE-95 — Eval Injection

References

disclosure@vulncheck.com (vendor-advisory)
disclosure@vulncheck.com (third-party-advisory)

Frequently asked questions

What is CVE-2025-71361?: CVE-2025-71361 is a high-severity vulnerability in Picklescan, classified under Eval Injection. CVSS score: 8.1/10. Published 2026-06-24.
How severe is CVE-2025-71361?: High severity. CVSS v3 base score is 8.1 out of 10.