CVE-2025-54886 skops: Card.get_model does not block arbitrary code execution

skops is a Python library which helps users share and ship their scikit-learn based models. In versions 0.12.0 and below, the Card.getmodel does not contain any logic to prevent arbitrary code execution. The Card.getmodel function supports both joblib and skops for model loading. When loading...

CVE-2025-54886 skops: Card.get_model does not block arbitrary code execution

skops is a Python library which helps users share and ship their scikit-learn based models. In versions 0.12.0 and below, the Card.getmodel does not contain any logic to prevent arbitrary code execution. The Card.getmodel function supports both joblib and skops for model loading. When loading...

CVE-2025-54886 skops: Card.get_model does not block arbitrary code execution

skops is a Python library which helps users share and ship their scikit-learn based models. In versions 0.12.0 and below, the Card.getmodel does not contain any logic to prevent arbitrary code execution. The Card.getmodel function supports both joblib and skops for model loading. When loading...

PT-2025-32333 · Skops · Skops

Name of the Vulnerable Software and Affected Versions: skops versions 0.12.0 and below skops versions prior to 0.13.0 Description: The Card.get model function in skops allows for arbitrary code execution when loading models. This occurs because the function supports both joblib and skops for mode...