External risk intelligence

Picklescan Bypass Detection Flaw in STACK_GLOBAL Parsing

CVE advisorySeverity: CRITICAL (CVSS 9.3)

CVE-2025-71325

A parsing logic error in the picklescan tool allows malicious pickle files to bypass detection. This means the tool, intended to find malicious pickle files, may fail to identify them under certain conditions, potentially allowing undetected malicious files to pose a risk. The relevance and exposure of this tool within

Halo Surface Signal

Very unlikely · external exposure

1Halo Surface Signal

Picklescan is a developer-oriented security utility used for scanning files during build-time or as a local analysis tool. It is not designed to be deployed as a public-facing service, API, or network edge component, making internet-facing exposure in standard deployments very unlikely.

Horizon Alert

Summary of the vulnerability and why it matters

A parsing logic error in the picklescan tool allows specially crafted files to bypass detection by security scanning. This means the tool, intended to find malicious pickle files, may fail to identify them under certain conditions. The main concern is confirming relevance and exposure of this tool within our environment.

The scanner can be tricked by bad files.
Important for developers using this specific tool.
Confirm if and where this tool is in use.

Attack Path

How an attacker could exploit the issue

An attacker could craft malicious pickle files to bypass security scanning by exploiting a parsing logic error in the picklescan tool. This flaw, located in the `_list_globals` function when handling STACK_GLOBAL opcodes, allows specially crafted arguments to evade detection.

Entry condition: Attacker crafts a malicious pickle file.
Trigger point: File is processed by an vulnerable picklescan.
Resulting risk: Malicious files bypass security scanning.

Live Threat

Current exploitation, exposure, and threat context

When supported by the advisory, this vulnerability could allow malicious pickle files to bypass security scanning by triggering unexpected exceptions. This could occur when the `_list_globals` function in `picklescan` incorrectly handles `STACK_GLOBAL` opcodes due to a parsing logic error.

Sensitive data within pickle files.
Malicious pickle files could bypass detection.
Undetected malicious files could pose a risk.

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability affects the `picklescan` tool, likely managed by development or security operations teams responsible for code integrity. The immediate priority is to locate all instances of `picklescan` within the development and CI/CD pipelines, assess their usage for processing untrusted input, and coordinate updates during the next maintenance cycle.

Development or security teams own this issue.
Verify `picklescan` usage with untrusted input.
Plan updates during the next maintenance window.

Supplementary metadata

PCI scan relevance

Yes

CVE-2025-71325 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This CVE is relevant to PCI scans because it allows malicious pickle files to bypass security scanning, potentially leading to undetected malicious code execution and supply chain attacks.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.

CVSS vector

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Free EASM Trial See How Signal Works

Frequently asked questions

What is picklescan?

Picklescan is a security utility used by developers to inspect Python pickle files for malicious content. Because pickle files can execute arbitrary code when loaded, developers integrate this tool into build processes or local workflows to verify the safety of files before they are handled by applications. It acts as a gatekeeper to detect potentially harmful object serialization before a system processes it.

What does CVE-2025-71325 mean for security?

This vulnerability is a flaw in parsing logic, categorized as CWE-391 (Unchecked Error Condition). In CVE-2025-71325, the tool fails to correctly track arguments when processing certain code instructions known as STACK_GLOBAL opcodes. Because the logic is flawed, the scanner encounters an unexpected state that causes it to skip inspection of malicious code, allowing dangerous pickle files to remain undetected by the security tool.

How do malicious files trigger this vulnerability?

An attacker triggers this by creating a pickle file containing specific STACK_GLOBAL opcodes with arguments positioned at zero. When the tool attempts to parse this file, the flaw prevents it from identifying the malicious content. Importantly, simply having a pickle file is not enough; the bug only triggers if the file is intentionally crafted to exploit this parsing error and is subsequently processed by an unpatched version of the picklescan tool.

Is my environment at risk from this CVE?

According to Halo Surface Signal, internet-facing exposure is very unlikely because picklescan is a developer-oriented tool, not a public-facing service. The primary risk exists where the tool is used to scan untrusted input in internal development environments or CI/CD pipelines. You should care if your team relies on this tool to prevent malicious files from entering your software supply chain.

Do I need to update my picklescan installation?

Yes. First, identify all locations where picklescan is used, such as in automated build scripts or local developer environments. Once identified, evaluate whether those instances handle untrusted files. If they do, coordinate an update to version 0.0.27 or later, where this parsing logic has been corrected, during your next scheduled maintenance cycle to ensure effective scanning.

References

Written by Nicholas Merritt

External-surface CVE analysis and Halo Surface Signal prioritization for Halo Threat Intelligence.