CVE-2025-49655_CVE-2025-49655

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabling a maliciously uploaded Keras file containing a TorchModuleWrapper class to run arbitrary code on an end user’s system when loaded despite safe mode being enabled. The vulnerability can be triggered through both local and remote files.

Basic Information

ID CVE-2025-49655

Source HiddenLayer

Published Oct 17, 2025 at 15:20

Modified Oct 17, 2025 at 15:58

Affected Product

Vendor Keras

Product Keras

Version 3.11.0

Affected Versions Keras Keras 3.11.0

CWE Classification

CWE-502

References

{
    "lastseen": "",
    "description": "Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabling a maliciously uploaded Keras file containing a\u00a0TorchModuleWrapper class to run arbitrary code on an end user\u2019s system when loaded despite safe mode being enabled. The vulnerability can be triggered through both local and remote files.",
    "published": "2025-10-17T15:20:27.308Z",
    "modified": "2025-10-17T15:58:34.204Z",
    "type": "cve",
    "title": "CVE-2025-49655",
    "source": "HiddenLayer",
    "references": "https://hiddenlayer.com/sai_security_advisor/2025-10-keras/\nhttps://github.com/keras-team/keras/pull/21575",
    "id": "CVE-2025-49655",
    "bulletinFamily": "",
    "cwe": [
        "CWE-502"
    ],
    "cvelist": null,
    "sourceData": "Keras Keras 3.11.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Keras",
    "version": "3.11.0",
    "vendor": "Keras",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}