GHSA-v7x6-rv5q-mhwc: 
Python vulnerability analysis and mitigation

A security vulnerability (GHSA-v7x6-rv5q-mhwc) was discovered in picklescan versions below 0.0.25, where the library failed to detect malicious code execution through the built-in Python library function timeit.timeit(). The vulnerability was disclosed on April 6, 2025, and affects organizations and individuals relying on picklescan to detect malicious pickle files inside PyTorch models (GitHub Advisory).

The vulnerability stems from picklescan's inability to detect potentially dangerous code execution when the timeit.timeit() function is called via Python's pickle deserialization process. The attack leverages the reduce method to execute arbitrary code through the timeit library, which wasn't included in picklescan's unsafe globals blacklist. The vulnerability has been assigned a CVSS v4 score of 5.3 (Moderate severity), with attack vector being Network, attack complexity Low, and requiring Passive user interaction (GitHub Advisory).

The vulnerability enables attackers to embed malicious code in pickle files that remain undetected by picklescan but execute when the pickle file is loaded. This can lead to remote code execution and potential supply chain attacks, where infected pickle files could be distributed across ML models, APIs, or saved Python objects. The impact primarily affects the integrity of the vulnerable system while maintaining no direct impact on confidentiality or availability (GitHub Advisory).

The vulnerability has been patched in picklescan version 0.0.25 by adding the timeit library to the unsafe globals blacklist. Users are advised to upgrade to this version or later to protect against this vulnerability (GitHub Release).