Is CVE-2025-71339 being exploited?

No public exploit is currently tracked.

How severe is CVE-2025-71339?

CVE-2025-71339 has a CVSS v3 severity of HIGH (8.1).

Back

CVE-2025-71339

Description

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran._eval_length gadget in pickle __reduce__ methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded by victims who trust Picklescan's safety validation.