CVE-2025-54886

skops: Card.get_model does not block arbitrary code execution

Description

skops is a Python library which helps users share and ship their scikit-learn based models. In versions 0.12.0 and below, Card.get_model does not contain any logic to prevent arbitrary code execution. The Card.get_model function supports both joblib and skops for model loading. When loading .skops models, it uses skops' secure loading with trusted type validation, raising errors for untrusted types unless they are explicitly allowed. However, when a non-.zip file format is provided, the function silently falls back to joblib without warning. Unlike skops, joblib allows arbitrary code execution during loading, so the fallback bypasses skops' security measures and can enable malicious code execution. This issue is fixed in version 0.13.0.
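A caller-side guard for the fallback described above, as an added example that is not code from skops or from this advisory: it refuses any model file that is not a zip archive before it can reach a pickle-based loader, and checks a version string against the fixed release. The names `require_zip_model`, `is_fixed_version` and `RefusedModelFile` are hypothetical, the sample files are constructed, and the code uses only the standard library and does not call skops.

```python
import pickle
import re
import tempfile
import zipfile
from pathlib import Path

FIXED_IN = (0, 13, 0)  # first fixed skops release, per the description above


class RefusedModelFile(ValueError):
    """Raised instead of handing a non-zip file to a pickle-based loader."""


def is_fixed_version(version: str) -> bool:
    """True if a skops version string is at or above the fixed release.
    Pre-release suffixes are ignored (assumption made for this example)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(p or 0) for p in m.groups()) >= FIXED_IN


def require_zip_model(path) -> Path:
    """Return the path only if the file is a zip archive; raise otherwise."""
    path = Path(path)
    with path.open("rb") as fh:
        magic = fh.read(4)
    # Require the zip signature at offset 0 in addition to zipfile.is_zipfile,
    # which only looks for the end-of-archive record.
    if magic != b"PK\x03\x04" or not zipfile.is_zipfile(path):
        raise RefusedModelFile(f"{path.name}: not a zip archive, refusing to load")
    return path


def demo() -> dict:
    """Run the guard over two constructed files and report the outcome."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        good = Path(tmp, "model.skops")
        with zipfile.ZipFile(good, "w") as zf:
            zf.writestr("schema.json", "{}")  # constructed placeholder member
        bad = Path(tmp, "model.pkl")
        bad.write_bytes(pickle.dumps({"harmless": True}))  # constructed, benign
        for p in (good, bad):
            try:
                require_zip_model(p)
                results[p.name] = "accepted"
            except RefusedModelFile:
                results[p.name] = "refused"
    return results


if __name__ == "__main__":
    print(demo(), is_fixed_version("0.12.0"), is_fixed_version("0.13.0"))
```

Passing the zip check only means the file is not routed to joblib; the archive's contents are still subject to skops' own trusted-type validation.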

CVSS 3.1 score: 8.4
Severity: High
EPSS: 0.05%
Affected: skops-dev skops

Frequently Asked Questions

What is the severity of CVE-2025-54886?
CVE-2025-54886 has been scored as a high severity vulnerability.

How to fix CVE-2025-54886?
To fix CVE-2025-54886, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As of now, there are no other specific guidelines available.

Is CVE-2025-54886 being actively exploited in the wild?
As of now, there is no information to confirm that CVE-2025-54886 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

What software or system is affected by CVE-2025-54886?
CVE-2025-54886 affects skops-dev skops.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.