What is CVE-2025-54886?

CVE-2025-54886 is a high-severity vulnerability in Skops-dev Skops, classified under Deserialization of Untrusted Data. CVSS score: 8.4/10. Published 2025-08-08.

How severe is CVE-2025-54886?

High severity. CVSS v3 base score is 8.4 out of 10.

Deserialization in Skops-dev Skops

CVE-2025-54886

skops is a Python library which helps users share and ship their scikit-learn based models. In versions 0.12.0 and below, the Card.get_model does not contain any logic to prevent arbitrary code execution. The Card.get_model function suppor…

Vulnerability class: Insecure Deserialization

EPSS: 0.013 (80.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.4 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Skops-dev Skops — versions < 0.13.0

Weakness classification (CWE)

CWE-502 — Deserialization of Untrusted Data

References

https://github.com/skops-dev/skops/security/advisories/GHSA-378x-6p4f-8jgm (x_refsource_CONFIRM)
https://github.com/skops-dev/skops/commit/29d61ea8a92f2bde6830e8f32cc72a1a87211cda (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-54886?: CVE-2025-54886 is a high-severity vulnerability in Skops-dev Skops, classified under Deserialization of Untrusted Data. CVSS score: 8.4/10. Published 2025-08-08.
How severe is CVE-2025-54886?: High severity. CVSS v3 base score is 8.4 out of 10.