CVE-2025-1550

High CVSS: 7.3

The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, to be loaded and executed during model loading.

Vendor

Keras

Product

Keras

CWE

CWE-94

Yayın Tarihi

2025-03-11 09:15:25

Güncelleme

2025-07-31 16:55:39

Source Identifier

cve-coordination@google.com

KEV Date Added

Kategoriler

CWE-94 Keras HIGH Keras 2025

Referanslar

https://github.com/keras-team/keras/pull/20751 https://towerofhanoi.it/writeups/cve-2025-1550/

Benzer Kayıtlar

High

CVE-2026-1669

Arbitrary file read in the model loading mechanism (HDF5 integration) in Keras versions 3.0.0 through 3.13.1 on all supp…

High

CVE-2026-0897

Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through…

High

CVE-2025-9905

The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True. One c…

High

CVE-2025-9906

The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True. One c…

High

CVE-2025-8747

A safe mode bypass vulnerability in the `Model.load_model` method in Keras versions 3.0.0 through 3.10.0 allows an attac…

Medium

CVE-2024-55459

An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar fi…