PT-2025-10719 · Keras+1 · Keras+1

Gabriele Digregorio

Publicado

2025-03-11

Atualizado

2025-11-10

CVE-2025-1550

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Keras versions 3.0.0 through 3.7.9

Description The Keras Model.load model function allows for arbitrary code execution, even when safe mode is enabled. This occurs through a maliciously crafted .keras archive. An attacker can modify the config.json file within the archive to specify arbitrary Python modules and functions, along with their arguments, which are then loaded and executed during model loading. The vulnerability stems from insufficient validation during model loading, specifically within the handling of the config.json file.

Recommendations Update to Keras version 3.9 or later. Only load models from trusted sources.

Exploit

Correção

RCE

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

AZL-58360

BDU:2025-02637

CVE-2025-1550

GHSA-48G7-3X6R-XFHP

GHSA-5478-V2W6-C6Q7

PYSEC-2025-122

Produtos afetados

Debian

Keras

PT-2025-10719 · Keras+1 · Keras+1

CVE-2025-1550

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 40