PatchSiren

modelscope CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH modelscope CVE published 2026-05-19

CVE-2025-51427

CVE-2025-51427 describes an arbitrary code execution issue in ModelScope 1.25.0 tied to a crafted module reference in the dey_mini.yaml configuration file. The NVD metadata maps this to CWE-94 and rates it HIGH (CVSS 7.3), so environments using the affected version should treat it as a serious code-execution risk.