CVE-2025-49655 · CRITICAL 9.8 · EPSS p48.6%

Description

Deserialization of untrusted data can occur in Keras framework versions 3.11.0 up to but not including 3.11.3. A maliciously uploaded Keras file containing a TorchModuleWrapper class can run arbitrary code on an end user's system when it is loaded, even though safe mode is enabled. The vulnerability can be triggered through both local and remote files.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.71% probability of exploitation · percentile 48.6% · 2026-06-19T12:03:05Z
Published: 2025-10-17
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-502

References

  1. https://github.com/keras-team/keras/pull/21575
  2. https://hiddenlayer.com/sai_security_advisor/2025-10-keras/

Type: Weakness · Target: Deserialization of Untrusted Data (cwe-502) · Confidence: 0% · Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-1550
  2. CVE-2026-1462
  3. CVE-2025-33244
  4. CVE-2025-1945
  5. CVE-2026-38950
  6. CVE-2026-31214

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.