CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2025-71359

highCVSS 8.1covered by 1 sourcefirst seen 2026-07-04
picklescan before 0.0.29 fails to detect malicious pickle payloads that utilize lib2to3.pgen2.grammar.Grammar.loads in the reduce method, allowing remote code execution. Attackers can craft pickle files embedding dangerous code that evades picklescan detection and executes during pickle.load() deserialization.

⚡ Watch CVE-2025-71359

Get an email if CVE-2025-71359 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2025-71359

CVE.org record

Embed the live status

CVE-2025-71359 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2025-71359 status](https://www.csirts.com/badge/CVE-2025-71359)](https://www.csirts.com/cve/CVE-2025-71359)