Arbitrary Code Execution via Crafted Keras Config for Model Loading — CVE-2025-1550
GitHub · GitHub · CVE-2025-1550
ID
CVE-2025-1550
CVE-2025-1550
Date
Updated
Activity
Source
GitHub
GitHub
Vendor
GitHub
GitHub
Threat
high
high
CVSS
7.3
7.3
EPSS
0.07973
0.07973
Summary
### Impact The Keras `Model.load_model` function permits arbitrary code execution, even with `safe_mode=True`, through a manually constructed, malicious `.keras` archive. By altering the `config.json` file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, to be loaded and executed during model loading. ### Patches This problem is fixed starting with…
Product
pip: keras
What to do
General, cautious steps (verify details in the official source):
- Prioritize patching or mitigation immediately (treat as actively risky).
- Identify affected product versions in your inventory and verify whether you are impacted.
- Apply vendor patches/updates or recommended mitigations as soon as available.
- Read the official advisory for exact affected versions and remediation steps.