CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-1550: Arbitrary Code Execution via Crafted Keras Config for Model Loading

7.3 CVSS

Description

The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, to be loaded and executed during model loading.

Classification

CVE ID: CVE-2025-1550

CVSS Base Severity: HIGH

CVSS Base Score: 7.3

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem Types

CWE-94: Improper Control of Generation of Code ('Code Injection')

Affected Products

Vendor: Google

Product: Keras

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.01% (probability of being exploited)

EPSS Percentile: 0.47% (scored less or equal to compared to others)

EPSS Date: 2025-04-09 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-1550
https://github.com/keras-team/keras/pull/20751

Timeline

2025-03-11 09:40:18 UTC
CVE

Arbitrary Code Execution via Crafted Keras Config for Model Loading
2025-03-11 17:15:19 UTC
Github Advisory Database (PIP)

[keras] Keras arbitrary code execution vulnerability
2025-03-11 21:15:19 UTC
Github Advisory Database (PIP)

[keras] Arbitrary Code Execution via Crafted Keras Config for Model Loading