Описание
A safe mode bypass vulnerability in the Model.load_model method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted .keras model archive.
Ссылки
- Issue Tracking
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 3.0.0 (включая) до 3.10.0 (включая)
cpe:2.3:a:keras:keras:*:*:*:*:*:*:*:*
EPSS
Процентиль: 0%
0.00006
Низкий
7.8 High
CVSS3
Дефекты
CWE-502
Связанные уязвимости
CVSS3: 7.8
ubuntu
13 дней назад
A safe mode bypass vulnerability in the `Model.load_model` method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted `.keras` model archive.
CVSS3: 7.8
debian
13 дней назад
A safe mode bypass vulnerability in the `Model.load_model` method in K ...
CVSS3: 8.8
github
12 дней назад
Keras vulnerable to CVE-2025-1550 bypass via reuse of internal functionality
EPSS
Процентиль: 0%
0.00006
Низкий
7.8 High
CVSS3
Дефекты
CWE-502