CVE-2025-12058: The Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vuln
highvulnerability
security
Summary
CVE-2025-12058 is a vulnerability in Keras (a machine learning library) where the load_model method can be tricked into reading files from a computer's local storage or making network requests to external servers, even when the safe_mode=True security flag is enabled. The problem occurs because the StringLookup layer (a component that converts text into numbers) accepts file paths during model loading, and an attacker can craft a malicious .keras file (a model storage format) to exploit this weakness.
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.1%
Classification
Attack Type
Data ExtractionSupply Chain
Attack SophisticationModerate
Impact (CIA+S)
confidentiality
Affected Vendors
Google
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-12058
First tracked: February 15, 2026 at 08:42 PM
Classified by LLM (prompt v3) · confidence: 95%