Description
skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain a inconsistency in the OperatorFuncNode which can be exploited to hide the execution of untrusted operator methods. This can then be used in a code reuse attack to invoke seemingly safe functions and escalate to arbitrary code execution with minimal and misleading trusted types. This is fixed in version 0.12.0.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://github.com/skops-dev/skops/security/advisories/GHSA-m7f4-hrc6-fwg3
Patch x_refsource_misc
https://github.com/skops-dev/skops/commit/0aeca055509dfb48c1506870aabdd9e247adf603
Release Notes x_refsource_misc
https://github.com/skops-dev/skops/releases/tag/v0.12.0
Scores
CVSS v4
8.7
EPSS
0.0002
EPSS Percentile
4.4%
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-351
Status
published
Products (2)
pypi/skops
0 - 0.12.0PyPI
skops-dev/skops
< 0.12.0
Published
Jul 26, 2025
Tracked Since
Feb 18, 2026