A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template._save_pil_image of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A high degree of complexity is needed for the attack. It is indicated that the exploitability is difficult. The e [truncated]
CVE-2025-51427 describes an arbitrary code execution issue in ModelScope 1.25.0 tied to a crafted module reference in the dey_mini.yaml configuration file. The NVD metadata maps this to CWE-94 and rates it HIGH (CVSS 7.3), so environments using the affected version should treat it as a serious code-execution risk.