What is GHSA-fhhq-h4hg-549x?

GHSA-fhhq-h4hg-549x is a security advisory published by GitHub Security Advisories with High severity. ModelScope is vulnerable to arbitrary code injection via a crafted module

Which CVE IDs does GHSA-fhhq-h4hg-549x cover?

GHSA-fhhq-h4hg-549x covers the following CVE IDs: CVE-2025-51427. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-fhhq-h4hg-549x?

GHSA-fhhq-h4hg-549x has a CVSS v3 base score of 7.3, published by GitHub Security Advisories.

Which products are affected by GHSA-fhhq-h4hg-549x?

GHSA-fhhq-h4hg-549x affects 1 product, including: pip/modelscope:\u003c 1.27.0.

GHSA-fhhq-h4hg-549xHighCVSS 7.3

ModelScope is vulnerable to arbitrary code injection via a crafted module

Vendor

GitHub Security Advisories

Published

May 19, 2026

Last Modified

June 4, 2026

🔗 CVE IDs covered (1)

CVE-2025-51427 →

📋 Description

An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file (dey_mini.yaml) under the key ['nnet']['module'].

🎯 Affected products1

pip/modelscope:< 1.27.0

🔗 References (6)

https://nvd.nist.gov/vuln/detail/CVE-2025-51427
https://github.com/modelscope/modelscope/issues/1331
https://github.com/modelscope/modelscope/pull/1333
https://github.com/JIRUWOZHI/vulnerability-disclosure/blob/main/CVE-2025-51427/CVE_2025_51427.md
https://github.com/modelscope/modelscope/commit/75d54927e112261d39598ca08c15b66a7ff3f735
https://github.com/advisories/GHSA-fhhq-h4hg-549x