Lucene search
K

6 matches found

OSV
OSV
added 2026/05/19 3:31 p.m.8 views

GHSA-FHHQ-H4HG-549X ModelScope is vulnerable to arbitrary code injection via a crafted module

An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file deymini.yaml under the key 'nnet''module'...

7.3CVSS6.2AI score0.00529EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/05/19 3:31 p.m.11 views

ModelScope is vulnerable to arbitrary code injection via a crafted module

An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file deymini.yaml under the key 'nnet''module'...

8.1CVSS6.2AI score0.00529EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/19 12:0 a.m.7 views

CVE-2025-51427

An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file deymini.yaml under the key 'nnet''module'...

6.2AI score0.00529EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/19 12:0 a.m.7 views

CVE-2025-51427

An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file deymini.yaml under the key 'nnet''module'...

6.2AI score0.00529EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/19 12:0 a.m.14 views

EUVD-2025-209897

An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file deymini.yaml under the key 'nnet''module'...

7.3CVSS6.2AI score0.00529EPSS
Exploits0References3
CVE
CVE
added 2026/05/19 12:0 a.m.19 views

CVE-2025-51427

ModelScope 1.25.0 is affected by CVE-2025-51427. The issue allows arbitrary code execution via a crafted module listed in the deployment’s configuration file (dey_mini.yaml) under the key ['nnet']['module']. The root cause is a unsafe module loading path in the configuration, enabling an attacker...

8.1CVSS6.2AI score0.00529EPSS
Exploits0References6
Rows per page
Query Builder