ГлавнаяУязвимости → CVE-2025-71321
9.8критическая

CVE-2025-71321

Описание

picklescan before 0.0.33 contains an arbitrary file writing vulnerability that allows attackers to bypass the dangerous blocklist by using distutils.file_util.write_file. Attackers can construct malicious pickle objects to overwrite critical system files and achieve denial of service or remote code execution.

CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/mmaitre314/picklescan/security/advisories/GHSA-m273-6v24-x4m4https://www.vulncheck.com/advisories/picklescan-arbitrary-file-writing-via-distutils-module-bypasshttps://github.com/mmaitre314/picklescan/security/advisories/GHSA-m273-6v24-x4m4