PT-2025-10719 · Keras+1

Gabriele Digregorio +1 · Published 2025-03-11 · Updated 2025-11-10 · CVE-2025-1550

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Keras versions 3.0.0 through 3.7.9

Description
The Keras Model.load_model function allows for arbitrary code execution, even when safe mode is enabled. This occurs through a maliciously crafted .keras archive. An attacker can modify the config.json file within the archive to specify arbitrary Python modules and functions, along with their arguments, which are then loaded and executed during model loading. The vulnerability stems from insufficient validation during model loading, specifically within the handling of the config.json file.

Recommendations
Update to Keras version 3.9 or later. Only load models from trusted sources.
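
A pre-load triage check for the config.json tampering described above, added here as an example (not Keras code and not part of the original advisory): it reads config.json straight from the archive, without importing Keras, and lists serialized objects whose "module" falls outside an allowlist. The allowlist, the function names and the sample configs are assumptions constructed for illustration; the "module" / "class_name" keys follow the Keras 3 saved-config layout.

```python
import io
import json
import zipfile

# Assumption: module prefixes considered expected in a Keras-saved config.
ALLOWED_PREFIXES = ("keras",)

def find_foreign_modules(node, path="$"):
    """Collect (json_path, module, class_name) for every serialized object
    whose "module" is outside ALLOWED_PREFIXES, walking the whole tree."""
    hits = []
    if isinstance(node, dict):
        module = node.get("module")
        if isinstance(module, str) and "class_name" in node:
            if not any(module == p or module.startswith(p + ".")
                       for p in ALLOWED_PREFIXES):
                hits.append((path, module, node["class_name"]))
        for key, value in node.items():
            hits += find_foreign_modules(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            hits += find_foreign_modules(value, f"{path}[{i}]")
    return hits

def audit_keras_archive(source):
    """Inspect a .keras archive (path or file object) as plain zip + JSON;
    nothing from the model is deserialized or executed."""
    with zipfile.ZipFile(source) as zf:
        if "config.json" not in zf.namelist():
            raise ValueError("config.json missing: not a .keras archive")
        config = json.loads(zf.read("config.json"))
    return find_foreign_modules(config)

def constructed_archive(config):
    """Build an in-memory sample archive (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("config.json", json.dumps(config))
    buf.seek(0)
    return buf

# Constructed samples; "some_other_module" / "some_function" are placeholders.
DENSE = {"module": "keras.layers", "class_name": "Dense",
         "config": {"units": 1}, "registered_name": None}
CLEAN = {"module": "keras", "class_name": "Sequential",
         "config": {"layers": [DENSE]}}
FOREIGN = {"module": "some_other_module", "class_name": "some_function",
           "config": {}}
TAMPERED = {"module": "keras", "class_name": "Sequential",
            "config": {"layers": [DENSE, FOREIGN]}}

if __name__ == "__main__":
    for name, cfg in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, audit_keras_archive(constructed_archive(cfg)))
```

A legitimate model that uses custom layers will also be reported, so a hit is a prompt for review rather than a verdict; the fix remains the upgrade given in the recommendations.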

Exploit · Fix · RCE · Code Injection

Weakness Enumeration

Related Identifiers

AZL-58360
BDU:2025-02637
CVE-2025-1550
GHSA-48G7-3X6R-XFHP
GHSA-5478-V2W6-C6Q7
PYSEC-2025-122

Affected Products

Debian
Keras