Advanced Threat Data Export

Filter and download the raw CVE repository (CSV/JSON) for SIEM integration and internal reporting.

Vulnerability Keyword

Date Range

Severity

Format

Upgrade Package

Data export is locked. Upgrade your package to enable filtering and downloading.

← Back to CVE List

CVE-2025-49655NVD

Description

Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabling a maliciously uploaded Keras file containing a TorchModuleWrapper class to run arbitrary code on an end user’s system when loaded despite safe mode being enabled. The vulnerability can be triggered through both local and remote files.

Severity Level

CRITICAL (9.8)

Published Date

17/10/2025

Last Modified

17/10/2025

Exploitation Status

UNKNOWN

References

https://github.com/keras-team/keras/pull/21575
https://hiddenlayer.com/sai_security_advisor/2025-10-keras/