CVE-2025-1550

CRITICAL NUCLEI

Keras < 3.8.0 - Code Injection

Title source: rule

Description

The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, to be loaded and executed during model loading.

Exploits (2)

exploitdb WORKING POC

by Mohammed Idrees Banyamer · pythonremotepython

https://www.exploit-db.com/exploits/52359

View Code ZIP pw:eip

github WORKING POC

by ChCh0i · pythonpoc

https://github.com/ChCh0i/cve-2025-1550

View Code ZIP pw:eip

Nuclei Templates (1)

Keras Model.load_model - Arbitrary Code Execution

CRITICALby nukunga[seunghyeonJeon]

References (2)

[Issue Tracking, Patch] https://github.com/keras-team/keras/pull/20751

[Exploit, Third Party Advisory] https://towerofhanoi.it/writeups/cve-2025-1550/

Scores

CVSS v3 9.8

EPSS 0.0797

EPSS Percentile 92.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-94

Status published

Products (2)

keras/keras 3.0.0 - 3.8.0

pypi/keras 3.0.0 - 3.9.0PyPI

Published Mar 11, 2025

Tracked Since Feb 18, 2026