AI Threat Alert
Published August 11, 2025
A safe mode bypass vulnerability in the `Model.load_model` method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a...
Full analysis pending. Showing NVD description excerpt.
Affected Systems
| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| keras | pip | >= 3.0.0, < 3.11.0 | 3.11.0 |
| keras | pip | — | No patch |
Severity & Risk
CVSS 3.1
7.8 / 10
EPSS
0.0%
chance of exploitation in 30 days
KEV Status
Not in KEV
Sophistication
N/A
Recommended Action
Patch available
Update keras to version 3.11.0
Compliance Impact
Compliance analysis pending. Sign in for full compliance mapping when available.
Technical Details
NVD Description
A safe mode bypass vulnerability in the `Model.load_model` method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted `.keras` model archive.
Weaknesses (CWE)
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H References
- jfrog.com/blog/keras-safe_mode-bypass-vulnerability/ 3rd Party
- github.com/keras-team/keras/pull/21429 Issue
- jfrog.com/blog/keras-safe_mode-bypass-vulnerability/ 3rd Party
- github.com/advisories/GHSA-c9rc-mg46-23w3
- github.com/keras-team/keras/commit/713172ab56b864e59e2aa79b1a51b0e728bba858
- github.com/keras-team/keras/pull/21429
- github.com/keras-team/keras/security/advisories/GHSA-c9rc-mg46-23w3
- jfrog.com/blog/keras-safe_mode-bypass-vulnerability
- nvd.nist.gov/vuln/detail/CVE-2025-8747
Timeline
Published
August 11, 2025
Last Modified
August 14, 2025
First Seen
August 11, 2025