Arbitrary Code Execution Vulnerability in ModelScope by ModelScope
CVE-2025-51427

7.3HIGH

Key Information:

Vendor: ModelScope
Status: ModelScope
Vendor: CVE Published:; 19 May 2026

What is CVE-2025-51427?

A vulnerability exists in ModelScope 1.25.0, allowing attackers to execute arbitrary code by manipulating the configuration file (dey_mini.yaml). Specifically, by crafting modules under the key ['nnet']['module'], attackers can exploit this weakness to gain unauthorized control over the application, posing significant risks to users and their data.

References

https://github.com/modelscope/modelscope/issues/1331

https://github.com/modelscope/modelscope/pull/1333

https://github.com/JIRUWOZHI/vulnerability-disclosure/blo...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2026
Vulnerability Reserved
Jun 16, 2025

CVE-2025-51427 Data

JSON