5 matches found

Veracode
added 2025/08/28 8:53 a.m. · 5 views

Arbitrary Code Execution (ACE)

skops is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to Card.get_model falling back to joblib for non-.zip file formats without warning, which allows an attacker to load a malicious model file and execute arbitrary code...

CVSS 8.4 · AI score 7.4 · EPSS 0.00197
Exploits: 0 · References: 5 · Affected Software: 1
Vulnrichment
added 2025/08/08 12:3 a.m. · 2 views

CVE-2025-54886 skops: Card.get_model does not block arbitrary code execution

skops is a Python library which helps users share and ship their scikit-learn based models. In versions 0.12.0 and below, the Card.get_model does not contain any logic to prevent arbitrary code execution. The Card.get_model function supports both joblib and skops for model loading. When loading...

CVSS 8.4 · AI score 7.2 · EPSS 0.00197
Exploits: 0 · References: 2
OSV
added 2025/08/08 12:3 a.m. · 3 views

CVE-2025-54886 skops: Card.get_model does not block arbitrary code execution

skops is a Python library which helps users share and ship their scikit-learn based models. In versions 0.12.0 and below, the Card.get_model does not contain any logic to prevent arbitrary code execution. The Card.get_model function supports both joblib and skops for model loading. When loading...

CVSS 8.4 · AI score 7.9 · EPSS 0.00197
Exploits: 0 · References: 4
CNNVD
added 2025/08/08 12:0 a.m. · 2 views

Skops Code Issue Vulnerability

Skops is a Python library from the Skops project that helps share scikit-learn-based models and put them into production. A code issue vulnerability exists in Skops 0.12.0 and earlier versions that stems from the Card.get_model function not preventing arbitrary code execution, which could lead to ...

CVSS 8.4 · AI score 6.9 · EPSS 0.00197
Exploits: 0 · References: 2
Positive Technologies
added 2025/08/07 12:0 a.m. · 3 views

PT-2025-32333 · Skops · Skops

Name of the Vulnerable Software and Affected Versions: skops versions 0.12.0 and below; skops versions prior to 0.13.0. Description: The Card.get_model function in skops allows for arbitrary code execution when loading models. This occurs because the function supports both joblib and skops for mode...

CVSS 8.4 · AI score 7.6 · EPSS 0.00197
Exploits: 0 · References: 9