CVE-2025-51427: ModelScope is vulnerable to arbitrary code injection via a crafted module
An issue was discovered in ModelScope 1.25.0 that allows attackers to execute arbitrary code via a crafted module listed in the configuration file (dey_mini.yaml) under the key ['nnet']['module'].
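Importing a Python module runs its top-level code, so a module name read from a configuration file has to be checked before any dynamic import. The following is an added illustration of one such check, not ModelScope's code or its patch; the allowlist entries, function names and sample configs are hypothetical.

```python
import importlib
import re

# Assumption: the only module paths this deployment expects under
# config['nnet']['module']. These names are hypothetical placeholders.
ALLOWED_NNET_MODULES = frozenset({
    "example_pkg.models.nnet_a",
    "example_pkg.models.nnet_b",
})
_DOTTED_NAME = re.compile(r"[A-Za-z_]\w*(\.[A-Za-z_]\w*)*")

class UntrustedModuleError(ValueError):
    """Raised when a config names a module outside the allowlist."""

def checked_module_name(config):
    """Return config['nnet']['module'] only if it is an allowlisted dotted name."""
    nnet = config.get("nnet") if isinstance(config, dict) else None
    name = nnet.get("module") if isinstance(nnet, dict) else None
    if not isinstance(name, str) or not _DOTTED_NAME.fullmatch(name):
        raise UntrustedModuleError(f"nnet.module is not a dotted module name: {name!r}")
    if name not in ALLOWED_NNET_MODULES:
        raise UntrustedModuleError(f"nnet.module not in allowlist: {name!r}")
    return name

def load_nnet_module(config, importer=importlib.import_module):
    """Import the configured module only after the allowlist check passes."""
    return importer(checked_module_name(config))

def audit_configs(configs):
    """Map each config label to None (accepted) or the rejection reason."""
    report = {}
    for label, cfg in configs.items():
        try:
            checked_module_name(cfg)
            report[label] = None
        except UntrustedModuleError as exc:
            report[label] = str(exc)
    return report

# Constructed sample configs, shaped as parsed YAML would be.
SAMPLES = {
    "expected": {"nnet": {"module": "example_pkg.models.nnet_a"}},
    "unexpected": {"nnet": {"module": "unreviewed_pkg.loader"}},
    "malformed": {"nnet": {"module": ["not", "a", "string"]}},
    "missing": {"nnet": {}},
}
```

`audit_configs(SAMPLES)` can be run over configuration files pulled from model repositories to flag any whose `nnet.module` value would be rejected, without importing anything.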
References
- github.com/JIRUWOZHI/vulnerability-disclosure/blob/main/CVE-2025-51427/CVE_2025_51427.md
- github.com/advisories/GHSA-fhhq-h4hg-549x
- github.com/modelscope/modelscope/commit/75d54927e112261d39598ca08c15b66a7ff3f735
- github.com/modelscope/modelscope/issues/1331
- github.com/modelscope/modelscope/pull/1333
- nvd.nist.gov/vuln/detail/CVE-2025-51427