Vulnerability in Skops-dev Skops

CVE-2025-54413

skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain an inconsistency in MethodNode, which can be exploited to access unexpected object fields through dot notation. T…

EPSS: 0.001 (16.1th percentile) — read the EPSS interpretation.

Affected products

Skops-dev Skops — versions < 12.0.0

Weakness classification (CWE)

CWE-351

References

https://github.com/skops-dev/skops/security/advisories/GHSA-4v6w-xpmh-gfgp (x_refsource_CONFIRM)
https://github.com/skops-dev/skops/security/advisories/GHSA-m7f4-hrc6-fwg3 (x_refsource_MISC)
https://github.com/skops-dev/skops/commit/0aeca055509dfb48c1506870aabdd9e247adf603 (x_refsource_MISC)
https://drive.google.com/drive/folders/1bmVV18mnPbWy21hVYgf51yVJpf78vtB_?usp=sharing (x_refsource_MISC)
https://github.com/skops-dev/skops/releases/tag/v0.12.0 (x_refsource_MISC)