CVE-2025-54886: SKOPS Card.get_model happily allows arbitrary code execution
The Card class of skops, used for model documentation and sharing, allows arbitrary code execution. When a file other than .zip is provided to the Card class during instantiation, the internally invoked Card.get_model method silently falls back to joblib without warning. Unlike the .skops zip-based format, joblib permits unrestricted code execution, hence bypassing the security measures of skops and enabling the execution of malicious code.
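A guard that a caller can run before handing a model path to Card, so that a file which is not a zip archive is rejected instead of reaching the joblib fallback described above. This is an added example, not code from skops or from the advisory; require_skops_archive and UnsafeModelFile are hypothetical names, the sample files are constructed, and it assumes that a standard zip check is enough to tell a .skops archive from other files.

```python
import pickle
import tempfile
import zipfile
from pathlib import Path


class UnsafeModelFile(ValueError):
    """Raised when a model file is not a zip archive (hypothetical name)."""


def require_skops_archive(path):
    """Return the path only if the file is a readable zip archive.

    Raw pickle or joblib dumps and any other non-zip input are rejected,
    so they never reach a pickle-based loader.
    """
    path = Path(path)
    if not zipfile.is_zipfile(path):
        with path.open("rb") as fh:
            head = fh.read(1)
        # 0x80 is the PROTO opcode that starts a protocol >= 2 pickle stream.
        kind = "pickle stream" if head == b"\x80" else "unknown format"
        raise UnsafeModelFile(f"{path.name}: not a zip archive ({kind})")
    with zipfile.ZipFile(path) as zf:
        if zf.testzip() is not None:  # a member failed its CRC check
            raise UnsafeModelFile(f"{path.name}: corrupt zip member")
    return path


def demo():
    """Run the guard over two constructed sample files."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        good = Path(tmp) / "model.skops"
        with zipfile.ZipFile(good, "w") as zf:
            zf.writestr("schema.json", "{}")  # constructed placeholder member
        bad = Path(tmp) / "model.pkl"
        bad.write_bytes(pickle.dumps({"weights": [1, 2, 3]}))  # harmless pickle
        for f in (good, bad):
            try:
                require_skops_archive(f)
                results[f.name] = "accepted"
            except UnsafeModelFile as exc:
                results[f.name] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    print(demo())
```

The guard only decides which loader a file would reach; an accepted archive still goes through the normal skops loading checks.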