Vulnerabilities related to skops-dev - skops
CVE-2025-54413 (GCVE-0-2025-54413)
Vulnerability from cvelistv5
Published
2025-07-26 03:29
Modified
2025-07-28 13:59
CWE
  • CWE-351 - Insufficient Type Distinction
Summary
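skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain an inconsistency in MethodNode, which can be exploited to access unexpected object fields through dot notation. This can be used to achieve arbitrary code execution at load time. While this issue may seem similar to GHSA-m7f4-hrc6-fwg3, it is actually more severe, as it relies on fewer assumptions about trusted types. This is fixed in version 12.0.0. (Note: the record states "12.0.0", but its references point to the v0.12.0 release tag and the affected range is given as 0.11.0 and below, so the fixed release appears to be 0.12.0; a version matcher that takes "< 12.0.0" literally will also flag releases that already contain the fix.)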
Impacted products
Vendor Product Version
skops-dev skops Version: < 12.0.0


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54413",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-28T13:59:46.714447Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-28T13:59:58.255Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "skops",
          "vendor": "skops-dev",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 12.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain an inconsistency in MethodNode, which can be exploited to access unexpected object fields through dot notation. This can be used to achieve arbitrary code execution at load time. While this issue may seem similar to GHSA-m7f4-hrc6-fwg3, it is actually more severe, as it relies on fewer assumptions about trusted types. This is fixed in version 12.0.0."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "ACTIVE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-351",
              "description": "CWE-351: Insufficient Type Distinction",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-26T03:29:43.716Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/skops-dev/skops/security/advisories/GHSA-4v6w-xpmh-gfgp",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/skops-dev/skops/security/advisories/GHSA-4v6w-xpmh-gfgp"
        },
        {
          "name": "https://github.com/skops-dev/skops/security/advisories/GHSA-m7f4-hrc6-fwg3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/skops-dev/skops/security/advisories/GHSA-m7f4-hrc6-fwg3"
        },
        {
          "name": "https://github.com/skops-dev/skops/commit/0aeca055509dfb48c1506870aabdd9e247adf603",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/skops-dev/skops/commit/0aeca055509dfb48c1506870aabdd9e247adf603"
        },
        {
          "name": "https://drive.google.com/drive/folders/1bmVV18mnPbWy21hVYgf51yVJpf78vtB_?usp=sharing",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://drive.google.com/drive/folders/1bmVV18mnPbWy21hVYgf51yVJpf78vtB_?usp=sharing"
        },
        {
          "name": "https://github.com/skops-dev/skops/releases/tag/v0.12.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/skops-dev/skops/releases/tag/v0.12.0"
        }
      ],
      "source": {
        "advisory": "GHSA-4v6w-xpmh-gfgp",
        "discovery": "UNKNOWN"
      },
      "title": "skops\u0027 MethodNode can access unexpected object fields through dot notation, leading to arbitrary code execution at load time"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-54413",
    "datePublished": "2025-07-26T03:29:43.716Z",
    "dateReserved": "2025-07-21T23:18:10.280Z",
    "dateUpdated": "2025-07-28T13:59:58.255Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-54412 (GCVE-0-2025-54412)
Vulnerability from cvelistv5
Published
2025-07-26 03:29
Modified
2025-07-28 13:55
CWE
  • CWE-351 - Insufficient Type Distinction
Summary
skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain an inconsistency in the OperatorFuncNode which can be exploited to hide the execution of untrusted operator methods. This can then be used in a code reuse attack to invoke seemingly safe functions and escalate to arbitrary code execution with minimal and misleading trusted types. This is fixed in version 0.12.0.
Impacted products
Vendor Product Version
skops-dev skops Version: < 0.12.0


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54412",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-28T13:55:45.240203Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-28T13:55:57.057Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "skops",
          "vendor": "skops-dev",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.12.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain a inconsistency in the OperatorFuncNode which can be exploited to hide the execution of untrusted operator methods. This can then be used in a code reuse attack to invoke seemingly safe functions and escalate to arbitrary code execution with minimal and misleading trusted types. This is fixed in version 0.12.0."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "ACTIVE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-351",
              "description": "CWE-351: Insufficient Type Distinction",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-26T03:29:10.918Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/skops-dev/skops/security/advisories/GHSA-m7f4-hrc6-fwg3",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/skops-dev/skops/security/advisories/GHSA-m7f4-hrc6-fwg3"
        },
        {
          "name": "https://github.com/skops-dev/skops/commit/0aeca055509dfb48c1506870aabdd9e247adf603",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/skops-dev/skops/commit/0aeca055509dfb48c1506870aabdd9e247adf603"
        },
        {
          "name": "https://github.com/skops-dev/skops/releases/tag/v0.12.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/skops-dev/skops/releases/tag/v0.12.0"
        }
      ],
      "source": {
        "advisory": "GHSA-m7f4-hrc6-fwg3",
        "discovery": "UNKNOWN"
      },
      "title": "skops\u0027 Inconsistent Trusted Type Validation Enables Hidden `operator` Methods Execution"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-54412",
    "datePublished": "2025-07-26T03:29:10.918Z",
    "dateReserved": "2025-07-21T23:18:10.280Z",
    "dateUpdated": "2025-07-28T13:55:57.057Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-54886 (GCVE-0-2025-54886)
Vulnerability from cvelistv5
Published
2025-08-08 00:03
Modified
2025-08-08 16:54
CWE
  • CWE-502 - Deserialization of Untrusted Data
Summary
skops is a Python library which helps users share and ship their scikit-learn based models. In versions 0.12.0 and below, Card.get_model does not contain any logic to prevent arbitrary code execution. The Card.get_model function supports both joblib and skops for model loading. When loading .skops models, it uses skops' secure loading with trusted type validation, raising errors for untrusted types unless explicitly allowed. However, when non-.zip file formats are provided, the function silently falls back to joblib without warning. Unlike skops, joblib allows arbitrary code execution during loading, bypassing security measures and potentially enabling malicious code execution. In other words, the trusted-type check protects only files that take the skops path; any other file handed to Card.get_model is deserialized by joblib. This issue is fixed in version 0.13.0.
Impacted products
Vendor Product Version
skops-dev skops Version: < 0.13.0


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54886",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-08T16:53:18.605087Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-08T16:54:00.636Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "skops",
          "vendor": "skops-dev",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.13.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "skops is a Python library which helps users share and ship their scikit-learn based models. In versions 0.12.0 and below, the Card.get_model does not contain any logic to prevent arbitrary code execution. The Card.get_model function supports both joblib and skops for model loading. When loading .skops models, it uses skops\u0027 secure loading with trusted type validation, raising errors for untrusted types unless explicitly allowed. However, when non-.zip file formats are provided, the function silently falls back to joblib without warning. Unlike skops, joblib allows arbitrary code execution during loading, bypassing security measures and potentially enabling malicious code execution. This issue is fixed in version 0.13.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502: Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-08T00:03:45.318Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/skops-dev/skops/security/advisories/GHSA-378x-6p4f-8jgm",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/skops-dev/skops/security/advisories/GHSA-378x-6p4f-8jgm"
        },
        {
          "name": "https://github.com/skops-dev/skops/commit/29d61ea8a92f2bde6830e8f32cc72a1a87211cda",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/skops-dev/skops/commit/29d61ea8a92f2bde6830e8f32cc72a1a87211cda"
        }
      ],
      "source": {
        "advisory": "GHSA-378x-6p4f-8jgm",
        "discovery": "UNKNOWN"
      },
      "title": "skops: Card.get_model does not block arbitrary code execution"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-54886",
    "datePublished": "2025-08-08T00:03:45.318Z",
    "dateReserved": "2025-07-31T17:23:33.476Z",
    "dateUpdated": "2025-08-08T16:54:00.636Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-37065 (GCVE-0-2024-37065)
Vulnerability from cvelistv5
Published
2024-06-04 12:03
Modified
2024-08-02 03:43
CWE
  • CWE-502 - Deserialization of Untrusted Data
Summary
Deserialization of untrusted data can occur in versions 0.6 or newer of the skops Python library, enabling a maliciously crafted model to run arbitrary code on an end user's system when loaded.
Impacted products
Vendor Product Version
Skops-dev Skops Version: 0.6 and newer (the record sets the upper bound to "*", i.e. no fixed version is recorded)


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:skops-dev:skops:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "skops",
            "vendor": "skops-dev",
            "versions": [
              {
                "status": "affected",
                "version": "0.6"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-37065",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-07T17:10:07.631839Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-07T17:11:22.394Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.919Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://hiddenlayer.com/sai-security-advisory/skops-june2024"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "skops",
          "product": "Skops",
          "repo": "https://github.com/skops-dev/skops",
          "vendor": "Skops-dev",
          "versions": [
            {
              "lessThanOrEqual": "*",
              "status": "affected",
              "version": "0.6",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDeserialization of untrusted data can occur in versions 0.6 or newer of the skops python library, enabling a maliciously crafted model to run arbitrary code on an end user\u0027s system when loaded.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Deserialization of untrusted data can occur in versions 0.6 or newer of the skops python library, enabling a maliciously crafted model to run arbitrary code on an end user\u0027s system when loaded."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-586",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-586 Object Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-04T12:03:19.459Z",
        "orgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
        "shortName": "HiddenLayer"
      },
      "references": [
        {
          "url": "https://hiddenlayer.com/sai-security-advisory/skops-june2024"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
    "assignerShortName": "HiddenLayer",
    "cveId": "CVE-2024-37065",
    "datePublished": "2024-06-04T12:03:19.459Z",
    "dateReserved": "2024-05-31T14:19:09.799Z",
    "dateUpdated": "2024-08-02T03:43:50.919Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}