HIGH 7.8

PYSEC-2025-75

Details

A safe mode bypass vulnerability in the `Model.load_model` method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted `.keras` model archive.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / keras

No fixed version published yet for keras (pip). Pin to a known-safe version or switch to an alternative.

References

https://jfrog.com/blog/keras-safe_mode-bypass-vulnerability/ [ADVISORY]
https://github.com/keras-team/keras/pull/21429 [REPORT]