High severity7.3NVD Advisory· Published May 19, 2026· Updated May 19, 2026
CVE-2025-51427
CVE-2025-51427
Description
An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file (dey_mini.yaml) under the key ['nnet']['module'].
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
modelscopePyPI | < 1.27.0 | 1.27.0 |
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: =1.25.0
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-fhhq-h4hg-549xghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-51427ghsaADVISORY
- github.com/JIRUWOZHI/vulnerability-disclosure/blob/main/CVE-2025-51427/CVE_2025_51427.mdnvdWEB
- github.com/modelscope/modelscope/commit/75d54927e112261d39598ca08c15b66a7ff3f735ghsaWEB
- github.com/modelscope/modelscope/issues/1331nvdWEB
- github.com/modelscope/modelscope/pull/1333nvdWEB
News mentions
0No linked articles in our index yet.