7 matches found
CVE-2025-51427
A flaw was found in ModelScope. This vulnerability allows a remote attacker to execute arbitrary code by providing a specially crafted module within the configuration file deymini.yaml under the 'nnet.module' key. Successful exploitation could lead to complete system compromise...
ModelScope is vulnerable to arbitrary code injection via a crafted module
An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file deymini.yaml under the key 'nnet''module'...
CVE-2025-51427
An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file deymini.yaml under the key 'nnet''module'...
EUVD-2025-209897
An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file deymini.yaml under the key 'nnet''module'...
CVE-2025-51427
ModelScope 1.25.0 is affected by CVE-2025-51427. The issue allows arbitrary code execution via a crafted module listed in the deployment’s configuration file (dey_mini.yaml) under the key ['nnet']['module']. The root cause is a unsafe module loading path in the configuration, enabling an attacker...
CVE-2025-51427
An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file deymini.yaml under the key 'nnet''module'...
CVE-2025-51427
An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file deymini.yaml under the key 'nnet''module'...