
Description

Deserialization of untrusted data can occur in Keras framework versions 3.11.0 up to but not including 3.11.3. A maliciously crafted Keras file containing a TorchModuleWrapper class can run arbitrary code on an end user's system when it is loaded, even with safe mode enabled. The vulnerability can be triggered through both local and remote files.
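As an added defender-side check (example code, not part of this record or of the Keras project), the scan below opens a Keras archive as a plain zip and reads only its config.json, reporting where a layer with class_name TorchModuleWrapper appears before anything is deserialized; it also encodes the affected version range stated above. The sample archive is constructed inline, and the assumption that the class shows up as a "class_name" value in config.json is mine.

```python
import io
import json
import zipfile

# Class named in the advisory. Assumption: it appears as a "class_name"
# value of a layer entry inside the archive's config.json.
SUSPECT_CLASS = "TorchModuleWrapper"


def version_affected(v: str) -> bool:
    """Affected range from the record: >= 3.11.0 and < 3.11.3 (plain X.Y.Z)."""
    parts = tuple(int(p) for p in v.split(".")[:3])
    return (3, 11, 0) <= parts < (3, 11, 3)


def find_class_names(node, wanted, path="config"):
    """Walk the parsed config.json recursively and return the JSON paths of
    every dict whose "class_name" equals `wanted` (nested dicts and lists)."""
    hits = []
    if isinstance(node, dict):
        if node.get("class_name") == wanted:
            hits.append(path)
        for key, value in node.items():
            hits.extend(find_class_names(value, wanted, f"{path}.{key}"))
    elif isinstance(node, list):
        for i, value in enumerate(node):
            hits.extend(find_class_names(value, wanted, f"{path}[{i}]"))
    return hits


def scan_keras_archive(data: bytes, wanted=SUSPECT_CLASS):
    """Inspect a .keras zip WITHOUT deserializing it: read config.json only
    and report where the suspect class name occurs."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        if "config.json" not in zf.namelist():
            return {"scanned": False, "hits": []}
        config = json.loads(zf.read("config.json"))
    return {"scanned": True, "hits": find_class_names(config, wanted)}


def build_sample_archive(layer_class: str) -> bytes:
    """Constructed fixture: a minimal .keras-style zip whose config.json
    declares a single layer of the given class (not a real trained model)."""
    config = {"class_name": "Sequential",
              "config": {"layers": [{"class_name": layer_class,
                                     "config": {"name": "layer_0"}}]}}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("config.json", json.dumps(config))
    return buf.getvalue()
```

A hit means the file should be rejected or quarantined rather than passed to the loader; the version check is a reminder that the archive scan is a stopgap and upgrading to 3.11.3 is the actual fix.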

PUBLISHED Reserved 2025-06-09 | Published 2025-10-17 | Updated 2025-10-17 | Assigner HiddenLayer

CRITICAL: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Problem types

CWE-502 Deserialization of Untrusted Data

Product status

Default status: unaffected

3.11.0 before 3.11.3: affected

References

hiddenlayer.com/sai_security_advisor/2025-10-keras/

github.com/keras-team/keras/pull/21575

cve.org (CVE-2025-49655)

nvd.nist.gov (CVE-2025-49655)
