High severity · OSV Advisory · Published Jul 26, 2025 · Updated Apr 15, 2026
CVE-2025-54412
Description
skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain an inconsistency in the OperatorFuncNode which can be exploited to hide the execution of untrusted operator methods. This can then be used in a code reuse attack to invoke seemingly safe functions and escalate to arbitrary code execution with minimal and misleading trusted types. This is fixed in version 0.12.0.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| skops | PyPI | < 0.12.0 | 0.12.0 |
References
- GitHub Advisory (GHSA): https://github.com/advisories/GHSA-m7f4-hrc6-fwg3
- NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2025-54412
- Reporter write-up (Google Drive): https://drive.google.com/file/d/1c2KrjayE_S1siaou0vDmGK7_MQ7_YCUZ/view
- Reporter write-up (GitHub): https://github.com/io-no/CVE-Reports/tree/main/CVE-2025-54412
- Fix commit: https://github.com/skops-dev/skops/commit/0aeca055509dfb48c1506870aabdd9e247adf603
- Fixed release v0.12.0: https://github.com/skops-dev/skops/releases/tag/v0.12.0
- Upstream security advisory: https://github.com/skops-dev/skops/security/advisories/GHSA-m7f4-hrc6-fwg3