5 matches found
CVE-2025-9905 vulnerabilities
Vulnerabilities for packages: tensorflow-cpu-jupyter...
bacpipe (>=1.2.0 <=1.3.2.dev0), decima2 (>=0.1.0 <=0.2.1) +11 more potentially affected by CVE-2025-9905 via keras (>=3.0.0 <=3.11.0)
keras PYPI version =3.0.0, =1.2.0, =0.1.0, =1.0.3, =0.0.28, =0.2.0, =2.4.0, =0.1.0, =0.1.1, =1.1.0, =1.0.0, =1.2.0 Source cves: CVE-2025-9905 Source advisory: OSV:GHSA-36RR-WW3J-VRJV...
CVE-2025-9905
The Keras Model.loadmodel method can be exploited to achieve arbitrary code execution, even with safemode=True. One can create a specially crafted .h5/.hdf5 model archive that, when loaded via Model.loadmodel, will trigger arbitrary code to be executed. This is achieved by crafting a special .h5...
bacpipe (>=1.2.0 <=1.3.2.dev0), decima2 (>=0.1.0 <=0.2.1) +11 more potentially affected by CVE-2025-9905 via keras (>=3.0.0 <=3.11.0)
keras PYPI version =3.0.0, =1.2.0, =0.1.0, =1.0.3, =0.0.28, =0.2.0, =2.4.0, =0.1.0, =0.1.1, =1.1.0, =1.0.0, =1.2.0 Source cves: CVE-2025-9905 Source advisory: OSV:PYSEC-2025-123...
CVE-2025-9905 Arbitary Code execution in Keras load_model()
The Keras Model.loadmodel method can be exploited to achieve arbitrary code execution, even with safemode=True. One can create a specially crafted .h5/.hdf5 model archive that, when loaded via Model.loadmodel, will trigger arbitrary code to be executed. This is achieved by crafting a special...