3 matches found
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses keras-3.10.0-py3-none-any.whl, keras-2.14.0-py3-none-any.whl which are vulnerable to CVE-2025-12058, CVE-2025-12060, CVE-2025-9905, CVE-2025-9906.
Summary IBM Maximo Application Suite - Monitor Component uses keras-3.10.0-py3-none-any.whl, keras-2.14.0-py3-none-any.whl which are vulnerable to CVE-2025-12058, CVE-2025-12060, CVE-2025-9905, CVE-2025-9906. This bulletin contains information regarding the vulnerability and its fixture...
bacpipe (>=1.2.0 <=1.3.2.dev0), decima2 (>=0.1.0 <=0.2.1) +11 more potentially affected by CVE-2025-9905 via keras (>=3.0.0 <=3.11.0)
keras PYPI version =3.0.0, =1.2.0, =0.1.0, =1.0.3, =0.0.28, =0.2.0, =2.4.0, =0.1.0, =0.1.1, =1.1.0, =1.0.0, =1.2.0 Source cves: CVE-2025-9905 Source advisory: SNYK:PYTHON-KERAS-12927179...
CVE-2025-9905
The Keras Model.loadmodel method can be exploited to achieve arbitrary code execution, even with safemode=True. One can create a specially crafted .h5/.hdf5 model archive that, when loaded via Model.loadmodel, will trigger arbitrary code to be executed. This is achieved by crafting a special...