CVE-2025-51427
An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration fil
CVSS
7.3
Alto
EPSS
0.5%
p41
KEV
—
Exploit Today
12
0-100
Publicado: 19 may 2026 · Última mod.: 15 jul 2026 · CWE-94 · CWE-502
0.5%EPSS · 30 días0.5%
2026-06-302026-07-17
An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file (dey_mini.yaml) under the key ['nnet']['module'].
- github.comhttps://github.com/JIRUWOZHI/vulnerability-disclosure/blob/main/CVE-2025-51427/CVE_2025_51427.md
- github.comhttps://github.com/modelscope/modelscope/issues/1331
- github.comhttps://github.com/modelscope/modelscope/pull/1333
- access.redhat.comhttps://access.redhat.com/security/cve/CVE-2025-51427
- bugzilla.redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2479894
- github.comhttps://github.com/JIRUWOZHI/vulnerability-disclosure/blob/main/CVE-2025-51427/CVE_2025_51427.md
- security.access.redhat.comhttps://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-51427.json
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2025-32489.8 CRÍ100.0%
KEV—80Langflow Missing Authentication Vulnerability3dCVE-2021-422379.8 CRÍ99.9%
KEV—80Sitecore XP Remote Command Execution Vulnerability9dCVE-2026-341978.8 ALT99.9%
KEV—80Apache ActiveMQ Improper Input Validation Vulnerability3dCVE-2026-456598.8 ALT86.8%
KEV—76Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability16dCVE-2026-154107.2 ALT71.1%
KEV—71SonicWall SMA1000 Appliances Code Injection Vulnerability2dCVE-2026-586449.8 CRÍ70.7%
KEV—71Microsoft SharePoint Deserialization of Untrusted Data Vulnerability1d