CVE Alert

CVE-2025-8747

UNKNOWN 0.0

Keras safe_mode bypass allows arbitrary code execution when loading a malicious model.

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

A safe mode bypass vulnerability in the `Model.load_model` method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted `.keras` model archive.

CWE: CWE-502
Vendor: google
Product: keras
Ecosystems
Industries
Technology
Published: Aug 11, 2025
Last Updated: Feb 26, 2026

Affected Versions

Google / Keras
3.0.0 ≤ 3.10.0

References

github.com: https://github.com/keras-team/keras/pull/21429
jfrog.com: https://jfrog.com/blog/keras-safe_mode-bypass-vulnerability/

Credits

JFrog Security Research Team