CVE-2025-1550CRITICAL 9.8EPSS p84.6%

CVE-2025-1550CVE-2025-1550

Description

The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, to be loaded and executed during model loading.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS2.80% probability of exploitation · percentile 84.6% · 2026-06-19T12:03:05Z
Published2025-03-11
Last modified2025-07-31

Underlying weaknesses· 1

CWE-94

References

  1. https://github.com/keras-team/keras/pull/20751
  2. https://towerofhanoi.it/writeups/cve-2025-1550/

1

TypeTargetConfidenceTier
WeaknessImproper Control of Generation of Code ('Code Injection')cwe-940%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-49655
CVE
CVE-2026-1462
CVE
CVE-2026-38950
CVE
CVE-2025-1945
CVE
CVE-2026-5241
CVE
CVE-2026-31229
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.