A critical vulnerability (CVE-2025-1550, CVSS score 7.3) has been discovered in Keras, a popular deep learning framework. The flaw resides in the Model.load_model function, which allows arbitrary code execution even with safe_mode=True enabled. Attackers can manipulate .keras archives, specifically the config.json file, to execute malicious code during the model loading process. The issue affects systems using older versions of Keras. Users are strongly urged to upgrade to Keras version 3.9 or later and avoid loading models from untrusted sources.

‍