Cyber Resilience

CVE-2025-71325

CriticalPublic PoC

Published: 17 June 2026

Published
17 June 2026
Modified
17 June 2026
KEV Added
Patch
CVSS Score v4 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0047 37.6th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2025-71325 is a critical-severity Unchecked Error Condition (CWE-391) vulnerability. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Obfuscated Files or Information (T1027); ranked at the 37.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

picklescan before 0.0.27 contains a parsing logic error in the _list_globals function when handling STACK_GLOBAL opcodes, failing to track arguments in the correct range and allowing malicious pickle files to bypass detection. Attackers can craft pickle files with arguments at…

more

position zero to trigger unexpected exceptions and evade security scanning.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1027 Obfuscated Files or Information Stealth
Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit.
T1059.006 Python Execution
Adversaries may abuse Python commands and scripts for execution.
Why these techniques?

Bypass in pickle scanner directly facilitates undetected malicious Python deserialization payloads.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

Affected Assets

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-391

Ensures audit logging process failures are checked and trigger defined responses instead of remaining unchecked.

addresses: CWE-391

Policy enforces checking and handling of error conditions as part of incident response processes.

addresses: CWE-391

Testing IR effectiveness identifies and drives fixes for unchecked error conditions that fail to initiate incident handling.

addresses: CWE-391

Formal incident handling procedures enforce checking and acting on error conditions that could indicate security incidents.

addresses: CWE-391

Mandates ongoing correlation, analysis, and response to monitoring results, reducing unchecked error conditions from control assessments.

References