CVE-2025-9906 & CVE-2025-9905 — Keras Library Vulnerabilities: Arbitrary Code Execution in AI/ML Framework — Vulnerability Analysis Report — By CyberDudeBivash

Author: CyberDudeBivash · Powered by: CyberDudeBivash

Executive Summary

Two serious vulnerabilities were disclosed in the Keras library, widely used in deep learning workflows.

CVE-2025-9906: CVSS 8.6 (High)
CVE-2025-9905: CVSS 7.3 (High)

Both issues allow arbitrary code execution (ACE), which could be weaponized in supply-chain attacks, malicious model distribution, or unsafe deserialization of model files. Since Keras underpins many AI/ML production pipelines, the impact radius is vast — from research environments to enterprise ML deployments.

Technical Details

CVE-2025-9906 (CVSS 8.6)

Type: Deserialization / unsafe model parsing flaw.
Impact: Maliciously crafted model files (.h5 / TensorFlow SavedModel) can trigger execution of arbitrary code when loaded.
Attack Scenario: An attacker uploads or distributes a tainted model (e.g., via GitHub, Hugging Face, PyPI) → victim loads it into Keras → embedded payload executes.

Severity Justification ...