CVE-2025-54412: Skops has Inconsistent Trusted Type Validation that Enables Hidden `operator` Methods Execution
(updated )
An inconsistency in OperatorFuncNode can be exploited to hide the execution of untrusted operator.xxx methods. This can then be used in a code reuse attack to invoke seemingly safe functions and escalate to arbitrary code execution with minimal and misleading trusted types.
Note: This report focuses on operator.call as it appears to be the most interesting target, but the same technique applies to other operator methods. Moreover, focusing on a specific example is not necessary, the operator.call invocation was a zero-effort choice meant solely to demonstrate the issue. The key point is the inconsistency that allows a user to approve a type as trusted, while in reality enabling the execution of operator.xxx.
References
- drive.google.com/file/d/1c2KrjayE_S1siaou0vDmGK7_MQ7_YCUZ/view?usp=sharing
- github.com/advisories/GHSA-m7f4-hrc6-fwg3
- github.com/io-no/CVE-Reports/tree/main/CVE-2025-54412
- github.com/skops-dev/skops
- github.com/skops-dev/skops/commit/0aeca055509dfb48c1506870aabdd9e247adf603
- github.com/skops-dev/skops/releases/tag/v0.12.0
- github.com/skops-dev/skops/security/advisories/GHSA-m7f4-hrc6-fwg3
- nvd.nist.gov/vuln/detail/CVE-2025-54412
Code Behaviors & Features
Detect and mitigate CVE-2025-54412 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →