CVE-2025-49655

CRITICAL9.8EPSS 0.05%

Keras framework vulnerable to deserialization of untrusted data

發布日:2025/10/17修改日:2026/4/28

描述

Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabling a maliciously uploaded Keras file containing a TorchModuleWrapper class to run arbitrary code on an end user’s system when loaded despite safe mode being enabled. The vulnerability can be triggered through both local and remote files.

受影響套件(2)

Debian/kerasfrom 0
PyPI/keras>= 3.11.0, < 3.11.3

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

參考連結(5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-49655
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2025-49655
PATCHhttps://github.com/keras-team/keras
WEBhttps://github.com/keras-team/keras/pull/21575
WEBhttps://hiddenlayer.com/sai_security_advisor/2025-10-keras