CVE-2025-1550: The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually const
criticalvulnerability
security
Summary
Keras, a machine learning library, has a vulnerability in its Model.load_model function that allows attackers to run arbitrary code (code injection, where an attacker makes a program execute unintended commands) even when safety features are enabled. An attacker can create a malicious .keras file (a special archive format) and modify its config.json file to specify malicious Python code that runs when the model is loaded.
Vulnerability Details
CVSS Score
9.8(critical)
EPSS (30-day exploit probability)
EPSS: 4.8%
Classification
Attack Type
Model Theft
Attack SophisticationModerate
Impact (CIA+S)
confidentialityintegrity
Affected Vendors
Google
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-1550
First tracked: February 15, 2026 at 08:42 PM
Classified by LLM (prompt v3) · confidence: 95%