CNNVD-202508-916 Information

CNNVD ID

CNNVD-202508-916

CVE-2025-8747

  • CNNVD Published: 2025-08-11

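Description (translated from Chinese)

Keras is an open-source multi-backend deep learning framework. Keras versions 3.0.0 through 3.10.0 contain a security vulnerability that stems from a safe mode bypass in the Model.load_model method, which may lead to arbitrary code execution.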

Description (English)

Keras is an open-source multi-backend deep learning framework. A security vulnerability exists in Keras 3.0.0 to 3.10.0: the Model.load_model method allows a safe mode bypass, which may lead to arbitrary code execution.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Keras

Published

2025-08-11

Last Modified

2026-02-24

References

https://github.com/keras-team/keras/pull/21429

https://jfrog.com/blog/keras-safe_mode-bypass-vulnerability/

Patch

https://github.com/keras-team/keras/releases
