CVE-2025-51427
Deferred Deferred - Pending Action
Code Execution in ModelScope via Malicious Module Configuration

Publication date: 2026-05-19

Last updated on: 2026-05-19

Assigner: MITRE

Description
An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file (dey_mini.yaml) under the key ['nnet']['module'].
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-19
Last Modified
2026-05-19
Generated
2026-06-10
AI Q&A
2026-05-19
EPSS Evaluated
2026-06-08
NVD
CVE-2025-51427
EUVD
EUVD-2025-209897
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
modelscope modelscope 1.25.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability exists in ModelScope version 1.25.0 and allows attackers to execute arbitrary code. The issue arises because an attacker can craft a malicious module listed in the configuration file (dey_mini.yaml) under the key ['nnet']['module'], which the software then executes.

Impact Analysis

The vulnerability can lead to remote code execution (RCE), meaning an attacker could run any code they choose on the affected system. This could result in unauthorized access, data theft, system compromise, or disruption of services.

Detection Guidance

This vulnerability involves execution of arbitrary code via a crafted module listed in the configuration file (dey_mini.yaml) under the key ['nnet']['module'] in ModelScope 1.25.0.

To detect this vulnerability on your system, you should inspect the configuration file dey_mini.yaml for suspicious or unexpected entries under the ['nnet']['module'] key that might reference untrusted or remote code.

Commands to help detect this might include searching for the module key in the configuration file, for example:

  • grep -A 5 "nnet" dey_mini.yaml
  • grep "module" dey_mini.yaml

Additionally, monitoring network traffic for unexpected outbound connections from ModelScope processes could help identify exploitation attempts.

Mitigation Strategies

Immediate mitigation steps include:

  • Review and sanitize the configuration file dey_mini.yaml to ensure no untrusted or remote modules are specified under ['nnet']['module'].
  • Avoid loading or trusting remote code or modules in the ModelScope environment.
  • Update ModelScope to a version where this vulnerability is fixed once a patch or update is released.
  • Restrict network access for ModelScope processes to prevent unauthorized remote code execution.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-51427. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart