CVE-2025-49655

Name of the Vulnerable Software and Affected Versions Keras versions 3.11.0 through 3.11.2

Description The Keras framework is susceptible to a critical security issue stemming from unsafe deserialization of untrusted data. Specifically, when loading Keras files containing a maliciously crafted TorchModuleWrapper class, an attacker can execute arbitrary code on a user’s system. This is possible even when safe mode is enabled. The issue can be triggered through both local and remote files.

Recommendations Versions 3.11.0 through 3.11.2 should be updated. At the moment, there is no information about a newer version that contains a fix for this vulnerability.