CVE-2025-54412

skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain a inconsistency in the OperatorFuncNode which can be exploited to hide the execution of untrusted operator methods. This can then be used in a code reuse attack to invoke seemingly safe functions and escalate to arbitrary code execution with minimal and misleading trusted types. This is fixed in version 0.12.0.

CVSS

No CVSS.

References

Link	Resource
https://github.com/skops-dev/skops/commit/0aeca055509dfb48c1506870aabdd9e247adf603
https://github.com/skops-dev/skops/releases/tag/v0.12.0
https://github.com/skops-dev/skops/security/advisories/GHSA-m7f4-hrc6-fwg3

Configurations

No configuration.

History

29 Jul 2025, 14:14

Type	Values Removed	Values Added
Summary		(es) skops es una librería de Python que ayuda a los usuarios a compartir y enviar sus modelos basados en scikit-learn. Las versiones 0.11.0 y anteriores contienen una inconsistencia en OperatorFuncNode que puede explotarse para ocultar la ejecución de métodos de operador no confiables. Esto puede utilizarse en un ataque de reutilización de código para invocar funciones aparentemente seguras y escalar a la ejecución de código arbitrario con tipos de confianza mínimos y engañosos. Esto se corrigió en la versión 0.12.0.

26 Jul 2025, 04:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-26 04:16

Updated : 2025-07-29 14:14

NVD link : CVE-2025-54412

Mitre link : CVE-2025-54412

CVE.ORG link : CVE-2025-54412

JSON object : View

Products Affected

No product.

CWE

CWE-351

Insufficient Type Distinction

{"id": "CVE-2025-54412", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-26T04:16:06.597", "references": [{"url": "https://github.com/skops-dev/skops/commit/0aeca055509dfb48c1506870aabdd9e247adf603", "source": "security-advisories@github.com"}, {"url": "https://github.com/skops-dev/skops/releases/tag/v0.12.0", "source": "security-advisories@github.com"}, {"url": "https://github.com/skops-dev/skops/security/advisories/GHSA-m7f4-hrc6-fwg3", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-351"}]}], "descriptions": [{"lang": "en", "value": "skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain a inconsistency in the OperatorFuncNode which can be exploited to hide the execution of untrusted operator methods. This can then be used in a code reuse attack to invoke seemingly safe functions and escalate to arbitrary code execution with minimal and misleading trusted types. This is fixed in version 0.12.0."}, {"lang": "es", "value": "skops es una librer\u00eda de Python que ayuda a los usuarios a compartir y enviar sus modelos basados en scikit-learn. Las versiones 0.11.0 y anteriores contienen una inconsistencia en OperatorFuncNode que puede explotarse para ocultar la ejecuci\u00f3n de m\u00e9todos de operador no confiables. Esto puede utilizarse en un ataque de reutilizaci\u00f3n de c\u00f3digo para invocar funciones aparentemente seguras y escalar a la ejecuci\u00f3n de c\u00f3digo arbitrario con tipos de confianza m\u00ednimos y enga\u00f1osos. Esto se corrigi\u00f3 en la versi\u00f3n 0.12.0."}], "lastModified": "2025-07-29T14:14:55.157", "sourceIdentifier": "security-advisories@github.com"}