CVE-2025-51427

An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file (dey_mini.yaml) under the key ['nnet']['module'].
Configurations

No configuration.

History

30 Jun 2026, 03:16

Type Values Removed Values Added
CWE CWE-502
References
  • () https://access.redhat.com/security/cve/CVE-2025-51427 -
  • () https://bugzilla.redhat.com/show_bug.cgi?id=2479894 -
  • () https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-51427.json -

19 May 2026, 16:16

Type Values Removed Values Added
CWE CWE-94
References () https://github.com/JIRUWOZHI/vulnerability-disclosure/blob/main/CVE-2025-51427/CVE_2025_51427.md - () https://github.com/JIRUWOZHI/vulnerability-disclosure/blob/main/CVE-2025-51427/CVE_2025_51427.md -
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.3

19 May 2026, 15:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-05-19 15:16

Updated : 2026-06-30 03:16


NVD link : CVE-2025-51427

Mitre link : CVE-2025-51427

CVE.ORG link : CVE-2025-51427


JSON object : View

Products Affected

No product.

CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')

CWE-502

Deserialization of Untrusted Data