CVE-2025-54413
BaseFortify
Publication date: 2025-07-26
Last updated on: 2025-07-29
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| skops | skops | 0.12.0 |
| skops | skops | 0.11.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-351 | The product does not properly distinguish between different types of elements in a way that leads to insecure behavior. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-54413 is a vulnerability in the Python library skops (versions 0.11.0 and below) that allows attackers to execute arbitrary code during model loading. The issue arises because the `MethodNode` component improperly validates access to object attributes via dot notation, enabling attackers to access unexpected fields and chain multiple `MethodNode` instances to bypass type checks. This allows access to sensitive Python internals like the `__builtins__` dictionary, which contains functions such as `exec` and `eval`. By manipulating certain attributes of objects like `GridSearchCV`, an attacker can trigger execution of malicious code automatically when a model is loaded, without requiring privileges or user interaction beyond loading the malicious model file. This makes the vulnerability highly exploitable in collaborative or automated environments. The vulnerability is fixed in skops version 0.12.0. [1]
How can this vulnerability impact me?
This vulnerability can severely impact you by allowing attackers to execute arbitrary code on your system during the loading of a malicious skops model file. This can compromise the confidentiality, integrity, and availability of your system and any connected systems. Since the exploit requires no privileges or user interaction beyond loading the model, it poses a high risk in environments where models are shared or automatically loaded, potentially leading to unauthorized access, data breaches, or system disruption. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying the use of vulnerable skops versions (0.11.0 and below) and monitoring for suspicious model loading activities that exploit MethodNode's attribute access. Since the exploit triggers arbitrary code execution during model load time, one can detect it by auditing deserialization logs or by scanning for models serialized with vulnerable skops versions. Additionally, checking for unexpected or unauthorized use of Python built-in functions like exec or eval during model loading can indicate exploitation attempts. Specific commands are not provided in the resources, but general approaches include: 1) verifying the installed skops version with `pip show skops` or `pip list | grep skops`; 2) monitoring logs for errors or unusual activity during model loading; 3) using static analysis or scanning tools to inspect serialized model files for suspicious MethodNode usage or unexpected attribute chains. [1]
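The version check and the static inspection described above, as an added example that is not from the advisory or the skops project; it reads a model file without deserializing it. It assumes a .skops file is a ZIP archive whose `schema.json` holds a node tree in which each node names its loader under `__loader__` and a `MethodNode` keeps its attribute name under `content.func`; the sample archives are constructed.

```python
import io
import json
import zipfile

FIXED = (0, 12, 0)  # first fixed release according to this page


def is_vulnerable_version(version: str) -> bool:
    """True for skops releases older than 0.12.0 (plain X.Y.Z strings only)."""
    return tuple(int(p) for p in version.split(".")[:3]) < FIXED


def find_suspicious_method_nodes(node, path="root", inside_method=False):
    """Walk a schema tree and list MethodNode entries that need manual review."""
    findings = []
    if isinstance(node, dict):
        # Assumed layout: {"__loader__": "MethodNode", "content": {"func": ..., "obj": ...}}
        is_method = node.get("__loader__") == "MethodNode"
        content = node.get("content")
        func = str(content.get("func", "")) if isinstance(content, dict) else ""
        if is_method and ("." in func or "__" in func):
            findings.append((path, "dotted or dunder name in func"))
        if is_method and inside_method:
            findings.append((path, "MethodNode chained inside MethodNode"))
        for key, value in node.items():
            findings += find_suspicious_method_nodes(
                value, f"{path}.{key}", inside_method or is_method)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            findings += find_suspicious_method_nodes(item, f"{path}[{i}]", inside_method)
    return findings


def scan_skops_bytes(data: bytes):
    """Parse schema.json from the archive as JSON only; nothing is loaded."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        schema = json.loads(zf.read("schema.json"))
    return find_suspicious_method_nodes(schema)


def constructed_sample(func_name: str, nested: bool = False) -> bytes:
    """Build an in-memory archive with a constructed, non-functional schema."""
    inner = {"__loader__": "ObjectNode", "content": {}}
    if nested:
        inner = {"__loader__": "MethodNode", "content": {"func": "fit", "obj": inner}}
    schema = {"__loader__": "MethodNode", "content": {"func": func_name, "obj": inner}}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("schema.json", json.dumps(schema))
    return buf.getvalue()
```

A finding is a prompt for manual review, not proof of tampering, and an empty result does not make a file from an untrusted source safe to load on a vulnerable version.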
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading the skops library to version 0.12.0 or later, where this vulnerability is fixed by hardening the deserialization process and enforcing strict validation of MethodNode and OperatorNode attributes. Additionally, applying the security patches that enhance audit checks and raise exceptions on untrusted or tampered data will prevent exploitation. Avoid loading models from untrusted sources, and implement strict input validation and auditing during model deserialization. If upgrading immediately is not possible, consider restricting or sandboxing the environment where model loading occurs to limit potential damage from arbitrary code execution. [1, 2]