CVE-2025-1550 Information

Description

The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, to be loaded and executed during model loading.
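
A pre-load check for the tampering described above, as an added example (not Keras code and not the fix from the referenced pull request): it reads config.json from the archive without importing Keras and reports module references outside an allowlist. The "module" and "class_name" key names, the allowlist contents, and both sample configs are assumptions constructed for illustration.

```python
import io
import json
import zipfile

# Assumption: top-level packages a reviewer accepts in "module" fields.
ALLOWED_ROOTS = {"keras"}

def iter_module_refs(node, path="$"):
    """Yield (json_path, module, class_name) for every dict with a string "module" key."""
    if isinstance(node, dict):
        mod = node.get("module")
        if isinstance(mod, str):
            yield path, mod, node.get("class_name")
        for key, value in node.items():
            yield from iter_module_refs(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from iter_module_refs(value, f"{path}[{i}]")

def audit_keras_archive(fileobj):
    """Return module references outside ALLOWED_ROOTS; the model is never loaded."""
    with zipfile.ZipFile(fileobj) as zf:
        config = json.loads(zf.read("config.json"))
    return [
        (path, mod, cls)
        for path, mod, cls in iter_module_refs(config)
        if mod.split(".")[0] not in ALLOWED_ROOTS
    ]

def build_sample(config):
    """Constructed sample: an in-memory zip holding only config.json."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("config.json", json.dumps(config))
    buf.seek(0)
    return buf

# Constructed configs; the second uses a placeholder module name, not a real package.
CLEAN = {"module": "keras", "class_name": "Sequential", "config": {"layers": [
    {"module": "keras.layers", "class_name": "Dense", "config": {"units": 4}}]}}
TAMPERED = {"module": "keras", "class_name": "Sequential", "config": {"layers": [
    {"module": "untrusted_pkg.placeholder", "class_name": "some_function",
     "config": {"arg": "value"}}]}}

if __name__ == "__main__":
    for name, cfg in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, audit_keras_archive(build_sample(cfg)))
```

A non-empty result means the archive names code outside the allowlist and should be quarantined for review rather than passed to the loader.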

Reference

https://github.com/keras-team/keras/pull/20751
