CVE-2025-8747

High CVSS: 8.6

A safe mode bypass vulnerability in the `Model.load_model` method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted `.keras` model archive.

Vendor

Keras

Product

Keras

CWE

CWE-502

Yayın Tarihi

2025-08-11 08:15:26

Güncelleme

2025-08-14 16:24:41

Source Identifier

cve-coordination@google.com

KEV Date Added

Kategoriler

CWE-502 Keras HIGH Keras 2025

Referanslar

https://github.com/keras-team/keras/pull/21429 https://jfrog.com/blog/keras-safe_mode-bypass-vulnerability/ https://jfrog.com/blog/keras-safe_mode-bypass-vulnerability/

Benzer Kayıtlar

High

CVE-2026-1669

Arbitrary file read in the model loading mechanism (HDF5 integration) in Keras versions 3.0.0 through 3.13.1 on all supp…

High

CVE-2026-0897

Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through…

High

CVE-2025-9905

The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True. One c…

High

CVE-2025-9906

The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True. One c…

High

CVE-2025-1550

The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually const…

Medium

CVE-2024-55459

An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar fi…