CVE-2025-71323
CRITICALpicklescan - Remote Code Execution via Unblocked ctypes Module
Title source: cnaDescription
picklescan before 0.0.33 fails to block the ctypes module, allowing attackers to achieve remote code execution by invoking direct syscalls and accessing raw memory. Attackers can craft malicious pickle files using ctypes.WinDLL to load kernel32.dll and execute arbitrary commands, bypassing sandbox protections and gadget chain detection.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
GHSA Advisory GHSA-4675-36f9-wf6r
https://github.com/mmaitre314/picklescan/security/advisories/GHSA-4675-36f9-wf6r
Third Party Advisory third-party-advisory
VulnCheck Advisory: picklescan - Remote Code Execution via Unblocked ctypes Module
https://www.vulncheck.com/advisories/picklescan-remote-code-execution-via-unblocked-ctypes-module
Scores
CVSS v3
9.8
EPSS
0.0076
EPSS Percentile
50.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-184
Status
published
Products (3)
picklescan/picklescan
< 0.0.33
picklescan/picklescan
0.0.33
pypi/picklescan
0 - 0.0.33PyPI
Published
Jun 17, 2026
Tracked Since
Jun 17, 2026