VDB
CVE-2025-8747
CVE-2025-8747
PUBLISHED
CVSS 8.600000381469727 HIGH
A safe mode bypass vulnerability in the `Model.load_model` method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted `.keras` model archive.
EPSS 0.01% · 1.4th percentile
Risk Scores
CVSS v4.0
8.600000381469727
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:A
EPSS Score
0.01%
1.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Keras | 3.0.0 | |
| keras | keras | 3.0.0 |
| PyPI | keras | 3.0.0 |
Timeline
- Aug 11, 2025 EPSS Score
- Aug 11, 2025 CVE Published
- Aug 11, 2025 PoC Published
- Aug 11, 2025 PoC Published
- Aug 19, 2025 EPSS Score
- Aug 28, 2025 EPSS Score
- Sep 5, 2025 EPSS Score
- Sep 13, 2025 EPSS Score
- Sep 22, 2025 EPSS Score
- Sep 30, 2025 EPSS Score
- Oct 8, 2025 EPSS Score
- Oct 16, 2025 EPSS Score
References
- https://github.com/keras-team/keras/pull/21429 patch
- https://jfrog.com/blog/keras-safe_mode-bypass-vulnerability/ third-party-advisory
- https://github.com/keras-team/keras/security/advisories/GHSA-c9rc-mg46-23w3 url
- https://nvd.nist.gov/vuln/detail/CVE-2025-8747 advisory
- https://github.com/keras-team/keras/commit/713172ab56b864e59e2aa79b1a51b0e728bba858 url
- https://github.com/keras-team/keras package
- https://jfrog.com/blog/keras-safe_mode-bypass-vulnerability url