Safe Mode Bypass Vulnerability in Keras by Keras Team
CVE-2025-8747

8.6 HIGH

Key Information:

Vendor

Google

Status
Vendor
CVE Published:
11 August 2025

What is CVE-2025-8747?

A safe mode bypass vulnerability exists in the 'Model.load_model' method of Keras versions 3.0.0 to 3.10.0. This flaw enables attackers to execute arbitrary code by persuading users to load a maliciously crafted '.keras' model archive file. Take proper precautions when using the model loading functionality, especially with files from untrusted sources.

Affected Version(s)

Keras 3.0.0 to 3.10.0

CVSS V4

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Requirements:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

JFrog Security Research Team