A safe mode bypass vulnerability in the `Model.load_model` method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted `.keras` model archive.
References
| Link | Resource |
|---|---|
| https://github.com/keras-team/keras/pull/21429 | Issue Tracking |
| https://jfrog.com/blog/keras-safe_mode-bypass-vulnerability/ | Third Party Advisory |
History
14 Aug 2025, 16:24
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/keras-team/keras/pull/21429 - Issue Tracking | |
| References | () https://jfrog.com/blog/keras-safe_mode-bypass-vulnerability/ - Third Party Advisory | |
| Summary | (es) Una vulnerabilidad de omisión del modo seguro en el método `Model.load_model` en las versiones 3.0.0 a 3.10.0 de Keras permite a un atacante lograr la ejecución de código arbitrario al convencer a un usuario de cargar un archivo de modelo `.keras` especialmente manipulado. | |
| CVSS | v2 : ; v3 : | v2 : unknown; v3 : 7.8 |
| CPE | cpe:2.3:a:keras:keras:*:*:*:*:*:*:*:* | |
| First Time | Keras; Keras keras |
11 Aug 2025, 14:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | | |
| References | () https://jfrog.com/blog/keras-safe_mode-bypass-vulnerability/ - |
11 Aug 2025, 08:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-08-11 08:15
Updated : 2025-08-14 16:24
NVD link : CVE-2025-8747
Mitre link : CVE-2025-8747
CVE.ORG link : CVE-2025-8747
Products Affected
keras
- keras
CWE
CWE-502
Deserialization of Untrusted Data
