CVE-2025-1716: Picklescan Allows Remote Code Execution via Malicious Pickle File Bypassing Static Analysis

March 3, 2025 (updated March 6, 2025)

An unsafe deserialization vulnerability in Python’s pickle module allows an attacker to bypass static analysis tools like Picklescan and execute arbitrary code during deserialization. This can be exploited to run pip install and fetch a malicious package, enabling remote code execution (RCE) upon package installation.

References

github.com/advisories/GHSA-655q-fx9r-782v
github.com/mmaitre314/picklescan
github.com/mmaitre314/picklescan/commit/78ce704227c51f070c0c5fb4b466d92c62a7aa3d
github.com/mmaitre314/picklescan/security/advisories/GHSA-655q-fx9r-782v
nvd.nist.gov/vuln/detail/CVE-2025-1716
sites.google.com/sonatype.com/vulnerabilities/cve-2025-1716

Detect and mitigate CVE-2025-1716 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →