VDB
CVE-2025-1550
CVE-2025-1550
PUBLISHED
CVSS 7.300000190734863 HIGH
The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, to be loaded and executed during model loading.
EPSS 7.97% · 92.2th percentile
Risk Scores
CVSS v4.0
7.300000190734863
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
EPSS Score
7.97%
92.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Keras | 3.0.0 | |
| PyPI | keras | 3.0.0 |
| keras | keras | 3.0.0 |
Timeline
- Mar 11, 2025 CVE Published
- Mar 12, 2025 EPSS Score
- Mar 14, 2025 PoC Published
- Mar 25, 2025 Coalition ESS Score
- Mar 26, 2025 EPSS Score
- Apr 8, 2025 EPSS Score
- Apr 22, 2025 EPSS Score
- May 5, 2025 EPSS Score
- May 19, 2025 EPSS Score
- Jun 1, 2025 EPSS Score
- Jun 15, 2025 EPSS Score
- Jul 12, 2025 EPSS Score
References
- https://github.com/keras-team/keras/pull/20751 url
- https://towerofhanoi.it/writeups/cve-2025-1550/ url
- https://github.com/keras-team/keras/security/advisories/GHSA-48g7-3x6r-xfhp url
- https://nvd.nist.gov/vuln/detail/CVE-2025-1550 advisory
- https://github.com/keras-team/keras/commit/e67ac8ffd0c883bec68eb65bb52340c7f9d3a903 url
- https://github.com/keras-team/keras package
- https://github.com/keras-team/keras/releases/tag/v3.9.0 url