PatchSiren cyber security CVE debrief

CVE-2025-51427 modelscope CVE debrief

CVE-2025-51427 describes an arbitrary code execution issue in ModelScope 1.25.0 tied to a crafted module reference in the dey_mini.yaml configuration file. The NVD metadata maps this to CWE-94 and rates it HIGH (CVSS 7.3), so environments using the affected version should treat it as a serious code-execution risk.

Vendor: modelscope
Product: modelscope
CVSS: HIGH 7.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-19
Original CVE updated: 2026-05-19
Advisory published: 2026-05-19
Advisory updated: 2026-05-19

Who should care

Administrators, developers, and platform teams running ModelScope 1.25.0, especially where configuration files can be edited, uploaded, templated, or otherwise influenced by untrusted inputs.

Technical summary

The issue is described as arising when the nnet.module value in dey_mini.yaml points to a crafted module, allowing arbitrary code execution. Based on the supplied metadata, the weakness aligns with CWE-94 (code injection) and the CVSS vector indicates network-reachable impact without privileges or user interaction.

Defensive priority

High priority for any deployment of ModelScope 1.25.0. Focus first on systems that accept externally supplied or shared configuration files, then verify whether the affected configuration pattern exists anywhere in your codebase, deployment artifacts, or training pipelines.

Recommended defensive actions

  • Inventory all ModelScope deployments and confirm whether version 1.25.0 is in use.
  • Search for dey_mini.yaml or similar configuration files that define nnet.module values.
  • Restrict who can create, modify, upload, or supply ModelScope configuration files.
  • Treat configuration inputs as untrusted and validate module references against an allowlist.
  • Upgrade or otherwise remediate affected ModelScope installations once a vendor fix is available or identified in the referenced issue/PR trail.
  • Monitor systems for unexpected module-loading behavior or post-exploitation indicators after exposure to untrusted configuration content.
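
One way to carry out the search and allowlist steps above, as an added example (not ModelScope code and not part of the CVE record). It assumes that ['nnet']['module'] holds a dotted import path string, that PyYAML is available for the directory scan, and that the allowlist entries are constructed placeholders to be replaced with the modules your team has approved.

```python
"""Audit ['nnet']['module'] references in YAML configs (added example)."""
import re
from pathlib import Path

# Assumption: module paths your team has approved. Constructed placeholder names.
ALLOWED_MODULES = frozenset({"approved_pkg.models.nnet_a", "approved_pkg.models.nnet_b"})

# Assumption: a legitimate reference is a plain dotted Python import path.
_DOTTED = re.compile(r"[A-Za-z_]\w*(\.[A-Za-z_]\w*)*", re.ASCII)


def check_module_ref(config, allowed=ALLOWED_MODULES):
    """Return (ok, reason) for the ['nnet']['module'] entry of a parsed config."""
    nnet = config.get("nnet") if isinstance(config, dict) else None
    if not isinstance(nnet, dict) or "module" not in nnet:
        return True, "no nnet.module entry"
    value = nnet["module"]
    if not isinstance(value, str):
        return False, f"nnet.module is {type(value).__name__}, expected str"
    if not _DOTTED.fullmatch(value):
        return False, f"nnet.module is not a plain dotted path: {value!r}"
    if value not in allowed:
        return False, f"nnet.module not on allowlist: {value!r}"
    return True, "nnet.module on allowlist"


def audit_tree(root, allowed=ALLOWED_MODULES):
    """Check every .yaml/.yml file under root; return [(path, reason)] for failures."""
    import yaml  # PyYAML, imported lazily; safe_load builds only plain data types

    findings = []
    files = (p for p in Path(root).rglob("*") if p.suffix in {".yaml", ".yml"})
    for path in sorted(files):
        try:
            config = yaml.safe_load(path.read_text(encoding="utf-8"))
        except (yaml.YAMLError, OSError, UnicodeDecodeError) as exc:
            # Files that safe_load rejects (for example, custom tags) are reported too.
            findings.append((str(path), f"unreadable: {exc}"))
            continue
        ok, reason = check_module_ref(config, allowed)
        if not ok:
            findings.append((str(path), reason))
    return findings
```

Run `audit_tree` over source repositories, deployment artifacts, and training pipeline directories; any returned entry is a configuration to review before it is loaded.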

Evidence notes

The debrief is based on the supplied CVE description, which states that ModelScope 1.25.0 can execute arbitrary code via a crafted module listed under ['nnet']['module'] in dey_mini.yaml. Supplied NVD metadata adds CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L, assigns CWE-94 as a secondary weakness, and marks the record as Deferred.

Official resources

CVE-2025-51427 was published on 2026-05-19 and last modified the same day in the supplied metadata. NVD lists the vulnerability status as Deferred.