What is GHSA-48g7-3x6r-xfhp?

GHSA-48g7-3x6r-xfhp is a security advisory published by GitHub Security Advisories with High severity. Arbitrary Code Execution via Crafted Keras Config for Model Loading

Which CVE IDs does GHSA-48g7-3x6r-xfhp cover?

GHSA-48g7-3x6r-xfhp covers the following CVE IDs: CVE-2025-1550. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

Which products are affected by GHSA-48g7-3x6r-xfhp?

GHSA-48g7-3x6r-xfhp affects 1 product, including: pip/keras:\u003e= 3.0.0, \u003c 3.9.0.

GHSA-48g7-3x6r-xfhpHigh

Arbitrary Code Execution via Crafted Keras Config for Model Loading

Vendor

GitHub Security Advisories

Published

March 11, 2025

Last Modified

June 6, 2026

🔗 CVE IDs covered (1)

CVE-2025-1550 →

📋 Description

Impact

The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, to be loaded and executed during model loading.

Patches

This problem is fixed starting with version 3.9.

Workarounds

Only load models from trusted sources and model archives created with Keras.

References

https://www.cve.org/cverecord?id=CVE-2025-1550
https://github.com/keras-team/keras/pull/20751

🎯 Affected products1

pip/keras:>= 3.0.0, < 3.9.0

🔗 References (8)

https://github.com/keras-team/keras/security/advisories/GHSA-48g7-3x6r-xfhp
https://nvd.nist.gov/vuln/detail/CVE-2025-1550
https://github.com/keras-team/keras/pull/20751
https://github.com/keras-team/keras/commit/e67ac8ffd0c883bec68eb65bb52340c7f9d3a903
https://github.com/keras-team/keras/releases/tag/v3.9.0
https://github.com/pypa/advisory-database/tree/main/vulns/keras/PYSEC-2025-122.yaml
https://towerofhanoi.it/writeups/cve-2025-1550
https://github.com/advisories/GHSA-48g7-3x6r-xfhp