// For flags

CVE-2025-54413

skops' MethodNode can access unexpected object fields through dot notation, leading to arbitrary code execution at load time

Severity Score

8.7
*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain an inconsistency in MethodNode, which can be exploited to access unexpected object fields through dot notation. This can be used to achieve arbitrary code execution at load time. While this issue may seem similar to GHSA-m7f4-hrc6-fwg3, it is actually more severe, as it relies on fewer assumptions about trusted types. This is fixed in version 12.0.0.

skops es una librería de Python que ayuda a los usuarios a compartir y enviar sus modelos basados en scikit-learn. Las versiones 0.11.0 y anteriores contienen una inconsistencia en MethodNode, que puede explotarse para acceder a campos de objeto inesperados mediante la notación de puntos. Esto permite la ejecución de código arbitrario en tiempo de carga. Si bien este problema puede parecer similar a GHSA-m7f4-hrc6-fwg3, en realidad es más grave, ya que se basa en menos suposiciones sobre los tipos de confianza. Esto se solucionó en la versión 12.0.0.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Attack Requirements
Present
Privileges Required
None
User Interaction
Active
System
Vulnerable | Subsequent
Confidentiality
High
High
Integrity
High
High
Availability
High
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
Poc
Automatable
No
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2025-07-21 CVE Reserved
  • 2025-07-26 CVE Published
  • 2025-07-29 CVE Updated
  • 2025-08-01 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-351: Insufficient Type Distinction
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Skops-dev
Search vendor "Skops-dev"
 Skops
Search vendor "Skops-dev" for product "Skops"
 < 12.0.0
Search vendor "Skops-dev" for product "Skops" and version " < 12.0.0"
en
Affected