
29 matches found

Snyk
added 2025/09/19 8:43 a.m., 2 views

Improper Control of Dynamically-Managed Code Resources

Overview: keras is a high-level neural networks API for Python. Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources via the Model.load_model method. An attacker can execute arbitrary code by providing a specially crafted .h5 or .hdf...

CVSS 7.5, AI score 7.6, EPSS 0.00006
Exploits: 1, References: 2
Vulnrichment
added 2025/09/19 8:16 a.m., 1 view

CVE-2025-9905 Arbitrary Code execution in Keras load_model()

The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True. One can create a specially crafted .h5/.hdf5 model archive that, when loaded via Model.load_model, will trigger arbitrary code to be executed. This is achieved by crafting a special...

CVSS 7.3, AI score 6.9, EPSS 0.00006
Exploits: 1, References: 2
Cvelist
added 2025/09/19 8:16 a.m., 4 views

CVE-2025-9905 Arbitrary Code execution in Keras load_model()

The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True. One can create a specially crafted .h5/.hdf5 model archive that, when loaded via Model.load_model, will trigger arbitrary code to be executed. This is achieved by crafting a special...

CVSS 7.3, EPSS 0.00006
Exploits: 1, References: 2
Vulnrichment
added 2025/09/19 8:15 a.m., 1 view

CVE-2025-9906 Arbitrary Code execution in Keras Safe Mode

The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True. One can create a specially crafted .keras model archive that, when loaded via Model.load_model, will trigger arbitrary code to be executed. This is achieved by crafting a special...

CVSS 8.6, AI score 6.9, EPSS 0.00058
Exploits: 0, References: 1
Cvelist
added 2025/09/19 8:15 a.m., 6 views

CVE-2025-9906 Arbitrary Code execution in Keras Safe Mode

The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True. One can create a specially crafted .keras model archive that, when loaded via Model.load_model, will trigger arbitrary code to be executed. This is achieved by crafting a special...

CVSS 8.6, EPSS 0.00058
Exploits: 0, References: 1
CVE
added 2025/09/19 8:15 a.m., 18 views

CVE-2025-9906

CVE-2025-9906 affects Keras Model.load_model: loading a specially crafted .keras archive can bypass safe_mode and trigger arbitrary code execution via a config.json entry that enables unsafe deserialization, followed by a Lambda layer with pickled code. Impact is arbitrary code execution during m...

CVSS 8.6, AI score 7, EPSS 0.00058
Exploits: 0, References: 1, Affected Software: 1
Positive Technologies
added 2025/09/19 12:0 a.m., 4 views

PT-2025-38518

Name of the Vulnerable Software and Affected Versions: Keras, affected versions not specified. Description: The Model.load_model method is susceptible to arbitrary code execution, even when safe mode is enabled. A specially crafted .keras model archive containing a modified config.json file can trigg...

CVSS 8.6, AI score 7.3, EPSS 0.00058
Exploits: 0, References: 14
Tenable Nessus
added 2024/07/30 12:0 a.m., 6 views

AI/LLM Model File Contains Executable Code (Keras HFS5 .h5)

Binary data aimodelkerashfs5containsexecutablecode.nbin...

AI score 7.3
Exploits: 0, References: 1
CERT
added 2024/04/16 12:0 a.m., 37 views

Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models

Overview: Lambda Layers in third-party TensorFlow-based Keras models allow attackers to inject arbitrary code into versions built prior to Keras 2.13 that may then unsafely run with the same permissions as the running application. For example, an attacker could use this feature to trojanize a...

CVSS 9.8, AI score 9.7, EPSS 0.0037
Exploits: 1, References: 6