{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-54413", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-07-21T23:18:10.280Z", "datePublished": "2025-07-26T03:29:43.716Z", "dateUpdated": "2025-07-28T13:59:58.255Z"}, "containers": {"cna": {"title": "skops' MethodNode can access unexpected object fields through dot notation, leading to arbitrary code execution at load time", "problemTypes": [{"descriptions": [{"cweId": "CWE-351", "lang": "en", "description": "CWE-351: Insufficient Type Distinction", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "version": "4.0"}}], "references": [{"name": "https://github.com/skops-dev/skops/security/advisories/GHSA-4v6w-xpmh-gfgp", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/skops-dev/skops/security/advisories/GHSA-4v6w-xpmh-gfgp"}, {"name": "https://github.com/skops-dev/skops/security/advisories/GHSA-m7f4-hrc6-fwg3", "tags": ["x_refsource_MISC"], "url": "https://github.com/skops-dev/skops/security/advisories/GHSA-m7f4-hrc6-fwg3"}, {"name": "https://github.com/skops-dev/skops/commit/0aeca055509dfb48c1506870aabdd9e247adf603", "tags": ["x_refsource_MISC"], "url": "https://github.com/skops-dev/skops/commit/0aeca055509dfb48c1506870aabdd9e247adf603"}, {"name": "https://drive.google.com/drive/folders/1bmVV18mnPbWy21hVYgf51yVJpf78vtB_?usp=sharing", "tags": ["x_refsource_MISC"], "url": "https://drive.google.com/drive/folders/1bmVV18mnPbWy21hVYgf51yVJpf78vtB_?usp=sharing"}, {"name": "https://github.com/skops-dev/skops/releases/tag/v0.12.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/skops-dev/skops/releases/tag/v0.12.0"}], "affected": [{"vendor": "skops-dev", "product": "skops", "versions": [{"version": "< 12.0.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-07-26T03:29:43.716Z"}, "descriptions": [{"lang": "en", "value": "skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain an inconsistency in MethodNode, which can be exploited to access unexpected object fields through dot notation. This can be used to achieve arbitrary code execution at load time. While this issue may seem similar to GHSA-m7f4-hrc6-fwg3, it is actually more severe, as it relies on fewer assumptions about trusted types. This is fixed in version 12.0.0."}], "source": {"advisory": "GHSA-4v6w-xpmh-gfgp", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-28T13:59:46.714447Z", "id": "CVE-2025-54413", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-28T13:59:58.255Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-54413", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-28T13:59:46.714447Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-28T13:59:50.260Z"}}], "cna": {"title": "skops' MethodNode can access unexpected object fields through dot notation, leading to arbitrary code execution at load time", "source": {"advisory": "GHSA-4v6w-xpmh-gfgp", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "skops-dev", "product": "skops", "versions": [{"status": "affected", "version": "< 12.0.0"}]}], "references": [{"url": "https://github.com/skops-dev/skops/security/advisories/GHSA-4v6w-xpmh-gfgp", "name": "https://github.com/skops-dev/skops/security/advisories/GHSA-4v6w-xpmh-gfgp", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/skops-dev/skops/security/advisories/GHSA-m7f4-hrc6-fwg3", "name": "https://github.com/skops-dev/skops/security/advisories/GHSA-m7f4-hrc6-fwg3", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/skops-dev/skops/commit/0aeca055509dfb48c1506870aabdd9e247adf603", "name": "https://github.com/skops-dev/skops/commit/0aeca055509dfb48c1506870aabdd9e247adf603", "tags": ["x_refsource_MISC"]}, {"url": "https://drive.google.com/drive/folders/1bmVV18mnPbWy21hVYgf51yVJpf78vtB_?usp=sharing", "name": "https://drive.google.com/drive/folders/1bmVV18mnPbWy21hVYgf51yVJpf78vtB_?usp=sharing", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/skops-dev/skops/releases/tag/v0.12.0", "name": "https://github.com/skops-dev/skops/releases/tag/v0.12.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain an inconsistency in MethodNode, which can be exploited to access unexpected object fields through dot notation. This can be used to achieve arbitrary code execution at load time. While this issue may seem similar to GHSA-m7f4-hrc6-fwg3, it is actually more severe, as it relies on fewer assumptions about trusted types. This is fixed in version 12.0.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-351", "description": "CWE-351: Insufficient Type Distinction"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-07-26T03:29:43.716Z"}}}, "cveMetadata": {"cveId": "CVE-2025-54413", "state": "PUBLISHED", "dateUpdated": "2025-07-28T13:59:58.255Z", "dateReserved": "2025-07-21T23:18:10.280Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-07-26T03:29:43.716Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain an inconsistency in MethodNode, which can be exploited to access unexpected object fields through dot notation. This can be used to achieve arbitrary code execution at load time. While this issue may seem similar to GHSA-m7f4-hrc6-fwg3, it is actually more severe, as it relies on fewer assumptions about trusted types. This is fixed in version 12.0.0."}, {"lang": "es", "value": "skops es una librer\u00eda de Python que ayuda a los usuarios a compartir y enviar sus modelos basados en scikit-learn. Las versiones 0.11.0 y anteriores contienen una inconsistencia en MethodNode, que puede explotarse para acceder a campos de objeto inesperados mediante la notaci\u00f3n de puntos. Esto permite la ejecuci\u00f3n de c\u00f3digo arbitrario en tiempo de carga. Si bien este problema puede parecer similar a GHSA-m7f4-hrc6-fwg3, en realidad es m\u00e1s grave, ya que se basa en menos suposiciones sobre los tipos de confianza. Esto se solucion\u00f3 en la versi\u00f3n 12.0.0."}], "id": "CVE-2025-54413", "lastModified": "2025-07-29T14:14:55.157", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-07-26T04:16:06.793", "references": [{"source": "[email protected]", "url": "https://drive.google.com/drive/folders/1bmVV18mnPbWy21hVYgf51yVJpf78vtB_?usp=sharing"}, {"source": "[email protected]", "url": "https://github.com/skops-dev/skops/commit/0aeca055509dfb48c1506870aabdd9e247adf603"}, {"source": "[email protected]", "url": "https://github.com/skops-dev/skops/releases/tag/v0.12.0"}, {"source": "[email protected]", "url": "https://github.com/skops-dev/skops/security/advisories/GHSA-4v6w-xpmh-gfgp"}, {"source": "[email protected]", "url": "https://github.com/skops-dev/skops/security/advisories/GHSA-m7f4-hrc6-fwg3"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-351"}], "source": "[email protected]", "type": "Primary"}]}

{}