Security Advisory

CVE-2025-54412

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-07-26 03:29:10
Last updated 2025-07-28 13:55:57
Assigner GitHub_M
State PUBLISHED

Description

skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain a inconsistency in the OperatorFuncNode which can be exploited to hide the execution of untrusted operator methods. This can then be used in a code reuse attack to invoke seemingly safe functions and escalate to arbitrary code execution with minimal and misleading trusted types. This is fixed in version 0.12.0.