ByteOS Network

Vulnerability Details :

CVE-2025-54886

Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa

Published At-08 Aug, 2025 | 00:03

Updated At-08 Aug, 2025 | 16:54

skops: Card.get_model does not block arbitrary code execution

skops is a Python library which helps users share and ship their scikit-learn based models. In versions 0.12.0 and below, the Card.get_model does not contain any logic to prevent arbitrary code execution. The Card.get_model function supports both joblib and skops for model loading. When loading .skops models, it uses skops' secure loading with trusted type validation, raising errors for untrusted types unless explicitly allowed. However, when non-.zip file formats are provided, the function silently falls back to joblib without warning. Unlike skops, joblib allows arbitrary code execution during loading, bypassing security measures and potentially enabling malicious code execution. This issue is fixed in version 0.13.0.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:GitHub_M

Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa

Published At:08 Aug, 2025 | 00:03

Updated At:08 Aug, 2025 | 16:54

▼CVE Numbering Authority (CNA)

skops: Card.get_model does not block arbitrary code execution

Affected Products

Vendor

skops-dev

Product

skops

Versions

Affected

< 0.13.0

Problem Types

Type	CWE ID	Description
CWE	CWE-502	CWE-502: Deserialization of Untrusted Data

Type: CWE

CWE ID: CWE-502

Description: CWE-502: Deserialization of Untrusted Data

Metrics

Version	Base score	Base severity	Vector
3.1	8.4	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Version: 3.1

Base score: 8.4

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Hyperlink	Resource
https://github.com/skops-dev/skops/security/advisories/GHSA-378x-6p4f-8jgm	x_refsource_CONFIRM
https://github.com/skops-dev/skops/commit/29d61ea8a92f2bde6830e8f32cc72a1a87211cda	x_refsource_MISC

Hyperlink: https://github.com/skops-dev/skops/security/advisories/GHSA-378x-6p4f-8jgm

Resource:

x_refsource_CONFIRM

Hyperlink: https://github.com/skops-dev/skops/commit/29d61ea8a92f2bde6830e8f32cc72a1a87211cda

Resource:

x_refsource_MISC

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:security-advisories@github.com

Published At:08 Aug, 2025 | 01:15

Updated At:08 Aug, 2025 | 20:30

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	8.4	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 8.4

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses

CWE ID	Type	Source
CWE-502	Primary	security-advisories@github.com

CWE ID: CWE-502

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/skops-dev/skops/commit/29d61ea8a92f2bde6830e8f32cc72a1a87211cda	security-advisories@github.com	N/A
https://github.com/skops-dev/skops/security/advisories/GHSA-378x-6p4f-8jgm	security-advisories@github.com	N/A

Hyperlink: https://github.com/skops-dev/skops/commit/29d61ea8a92f2bde6830e8f32cc72a1a87211cda

Source: security-advisories@github.com

Resource: N/A

Hyperlink: https://github.com/skops-dev/skops/security/advisories/GHSA-378x-6p4f-8jgm

Source: security-advisories@github.com

Resource: N/A

Similar CVEs

6Records found

CVE-2024-37065

Matching Score-6

Assigner-HiddenLayer, Inc.

View Details

Matching Score-6

Assigner-HiddenLayer, Inc.

CVSS Score-7.8||HIGH

EPSS-0.10% / 29.06%

7 Day CHG~0.00%

Published-04 Jun, 2024 | 12:03

Updated-02 Aug, 2024 | 03:43

Deserialization of untrusted data can occur in versions 0.6 or newer of the skops python library, enabling a maliciously crafted model to run arbitrary code on an end user's system when loaded.

Vendor-Skops-dev skops-dev

Product-Skops skops

CWE ID-CWE-502

Deserialization of Untrusted Data

CVE-2021-35095

Matching Score-4

Assigner-Qualcomm, Inc.

View Details

Matching Score-4

Assigner-Qualcomm, Inc.

CVSS Score-8.4||HIGH

EPSS-0.03% / 7.64%

7 Day CHG~0.00%

Published-14 Jun, 2022 | 10:11

Updated-04 Aug, 2024 | 00:33

Improper serialization of message queue client registration can lead to race condition allowing multiple gunyah message clients to register with same label in Snapdragon Connectivity, Snapdragon Mobile

CWE ID-CWE-502

Deserialization of Untrusted Data

CVE-2024-10095

Matching Score-4

Assigner-Progress Software Corporation

View Details

Matching Score-4

Assigner-Progress Software Corporation

CVSS Score-8.4||HIGH

EPSS-0.28% / 50.65%

7 Day CHG+0.01%

Published-16 Dec, 2024 | 16:59

Updated-18 Dec, 2024 | 12:59

Progress UI for WPF format provider unsafe deserialization vulnerability

In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213), a code execution attack is possible through an insecure deserialization vulnerability.

Vendor-Progress Software Corporation Telerik

Product-ui_for_wpf Telerik UI for WPF

CWE ID-CWE-502

Deserialization of Untrusted Data

CVE-2018-9474

Matching Score-4

Assigner-Android (associated with Google Inc. or Open Handset Alliance)

View Details

Matching Score-4

Assigner-Android (associated with Google Inc. or Open Handset Alliance)

CVSS Score-8.4||HIGH

EPSS-0.10% / 28.43%

7 Day CHG~0.00%

Published-20 Nov, 2024 | 17:25

Updated-18 Dec, 2024 | 15:20

In writeToParcel of MediaPlayer.java, there is a possible serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor-Google LLC

Product-android Android android

CWE ID-CWE-502

Deserialization of Untrusted Data

CVE-2025-31175

Matching Score-4

Assigner-Huawei Technologies

View Details

Matching Score-4

Assigner-Huawei Technologies

CVSS Score-8.4||HIGH

EPSS-0.07% / 21.68%