QwikSec

Security Database

CVE

CWE

Training

CVE-2025-54412

Published: Jul 26, 2025

Modified: Jul 28, 2025

PUBLISHED

Description

skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain a inconsistency in the OperatorFuncNode which can be exploited to hide the execution of untrusted operator methods. This can then be used in a code reuse attack to invoke seemingly safe functions and escalate to arbitrary code execution with minimal and misleading trusted types. This is fixed in version 0.12.0.

Vendor	Product	Versions
skops-dev	skops	affected `< 0.12.0`

Weaknesses (CWE)

References

https://github.com/skops-dev/skops/security/advisories/GHSA-m7f4-hrc6-fwg3

x_refsource_CONFIRM

https://github.com/skops-dev/skops/commit/0aeca055509dfb48c1506870aabdd9e247adf603

x_refsource_MISC

https://github.com/skops-dev/skops/releases/tag/v0.12.0

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.