aikido.dev Secure My Code

Intel/AIKIDO-2025-10538

AIKIDO-2025-10538

skops is vulnerable to Remote Code Execution (RCE)

Remote Code Execution (RCE)CVE-2025-54886 Published Aug 8, 2025

75

High Risk

This Affects:

Python

0.1.0 - 0.12.0

Fixed in 0.13.0

Are you affected? Scan for Free

TL;DR

Affected versions of this package are vulnerable to remote code execution due to the lack of safeguards against unpickling malicious files. Specifically, the package allows arbitrary code execution when processing untrusted pickle data, exposing systems to severe security risks. The issue is resolved in the patched version by introducing an allow_pickle flag (disabled by default) which prevents unsafe deserialization and limits unpickling to trusted sources.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

skops is vulnerable to Remote Code Execution (RCE) in versions 0.1.0 - 0.12.0.

How to fix this

Upgrade the skops library to the patch version.

75

High Risk

This Affects:

Python

0.1.0 - 0.12.0

Fixed in 0.13.0

Are you affected? Scan for Free

Links

CVE Detail

github.com/skops-dev/skops/security/advisories/GHSA-378x-6p4f-8jgm

GitHub Release

github.com/skops-dev/skops/releases/tag/v0.13.0

Fix Commit

github.com/skops-dev/skops/commit/29d61ea8a92f2bde6830e8f32cc72a1a87211cda

Are You Affected?

Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.

Free. No credit card required.

Aikido Platform

Company

Resources

Industries

Use Cases

Compare

Legal

Connect

hello@aikido.dev

Security

Subscribe

Stay up to date with all updates

LinkedIn YouTube X

© 2026 Aikido Security BV | BE0792914919

Keizer Karelstraat 15, 9000, Ghent, Belgium

95 Third St, 2nd Fl, San Francisco, CA 94103, US

Unit 6.15 Runway East 18 18 Crucifix Ln, London SE1 3JW UK

Ghent, Belgium | San Francisco, US

SOC 2

ISO 27001

ISO 27001Compliant

Get Security Done