Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2025-1550
Severity
7.3HIGH
EPSS
4.8%
top 10.53%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedMar 11
Latest updateAug 12
Description
The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, to be loaded and executed during model loading.
CVSS vector
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Affected Packages3 packages
Patches
🔴Vulnerability Details
5💥Exploits & PoCs
2Nuclei▶
Keras Model.load_model - Arbitrary Code Execution
📋Vendor Advisories
4Debian▶
CVE-2025-1550: keras - The Keras Model.load_model function permits arbitrary code execution, even with ...↗2025
Microsoft▶
A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion↗2024-02-13