CVE-2025-1550: 
Python vulnerability analysis and mitigation

The Keras Model.load_model function contains a critical security vulnerability (CVE-2025-1550) that permits arbitrary code execution, even when safe_mode=True is enabled. The vulnerability was disclosed on March 11, 2025, affecting the popular multi-backend deep learning framework used by organizations like CERN, NASA, and NIH. The issue allows attackers to execute arbitrary code through a maliciously crafted .keras archive (NVD, Security Online).

The vulnerability stems from a flaw in the Model.load_model function's handling of .keras archives. Attackers can manipulate the config.json file within the archive to specify arbitrary Python modules and functions, along with their arguments, which are then loaded and executed during the model loading process. The vulnerability has been assigned a CVSS score of 7.3 (HIGH) with the vector string CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H, indicating its significant severity (NVD).

The vulnerability's impact is severe as it enables attackers to execute arbitrary code on systems using affected Keras versions. This poses a significant risk to organizations and individuals using Keras for machine learning applications, particularly in sensitive environments where code execution could lead to system compromise or data breaches (Security Online).

The vulnerability has been patched in Keras version 3.9 and later. Users are strongly advised to upgrade to version 3.9 or later to address this security issue. As a temporary workaround, users who cannot immediately update should only load models from trusted sources and use model archives that they have created themselves with Keras (Security Online).