Description
A safe mode bypass vulnerability in the `Model.load_model` method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted `.keras` model archive.
Packages
Package | Status | Fixed version | Release | Type |
---|---|---|---|---|
keras | not-affected | | | package |
Notes
Follow-up fix for CVE-2025-1550.
https://github.com/advisories/GHSA-c9rc-mg46-23w3
https://github.com/keras-team/keras/pull/21429 (v3.11.0)
EPSS
Related vulnerabilities
Keras vulnerable to CVE-2025-1550 bypass via reuse of internal functionality