GHSA-48g7-3x6r-xfhp
Suggest an improvement- Source
- https://github.com/advisories/GHSA-48g7-3x6r-xfhp
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-48g7-3x6r-xfhp/GHSA-48g7-3x6r-xfhp.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-48g7-3x6r-xfhp
- Aliases
- Related
- Published
- 2025-03-11T20:07:32Z
- Modified
- 2026-02-04T03:58:56.882496Z
- Severity
-
- 7.3 (High) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H CVSS Calculator
- Summary
- Arbitrary Code Execution via Crafted Keras Config for Model Loading
- Details
-
Impact
The Keras
Model.load_modelfunction permits arbitrary code execution, even withsafe_mode=True, through a manually constructed, malicious.kerasarchive. By altering theconfig.jsonfile within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, to be loaded and executed during model loading.Patches
This problem is fixed starting with version
3.9.Workarounds
Only load models from trusted sources and model archives created with Keras.
References
- https://www.cve.org/cverecord?id=CVE-2025-1550
- https://github.com/keras-team/keras/pull/20751
- Database specific
{ "cwe_ids": [ "CWE-94" ], "github_reviewed_at": "2025-03-11T20:07:32Z", "nvd_published_at": null, "severity": "HIGH", "github_reviewed": true }- References
-
- https://github.com/keras-team/keras/security/advisories/GHSA-48g7-3x6r-xfhp
- https://nvd.nist.gov/vuln/detail/CVE-2025-1550
- https://github.com/keras-team/keras/pull/20751
- https://github.com/keras-team/keras/commit/e67ac8ffd0c883bec68eb65bb52340c7f9d3a903
- https://github.com/keras-team/keras
- https://github.com/keras-team/keras/releases/tag/v3.9.0
Affected packages
PyPI / keras
Package
- Name
- keras
- View open source insights on deps.dev
- Purl
- pkg:pypi/keras