Vulnerability in Skops-dev Skops

CVE-2025-54412

skops is a Python library which helps users share and ship their scikit-learn-based models. Versions 0.11.0 and below contain an inconsistency in the OperatorFuncNode which can be exploited to hide the execution of untrusted operator method…

EPSS: 0.000 (11.7th percentile).

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2025-54412?
CVE-2025-54412 is a vulnerability in Skops-dev Skops, classified under CWE-351. Published 2025-07-26.
Is CVE-2025-54412 known to be exploited?
2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.