Deserialization Of Untrusted Data

Keras framework is vulnerable to Deserialization of untrusted data. The vulnerability is due to improper handling of maliciously crafted Keras files during deserialization, which allows an attacker to execute arbitrary code on an end user’s system by loading a file containing a TorchModuleWrapper...

EUVD-2025-34892

Keras framework vulnerable to deserialization of untrusted data...

GHSA-CVHH-Q5G5-QPRP Keras framework vulnerable to deserialization of untrusted data

Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabling a maliciously uploaded Keras file containing a TorchModuleWrapper class to run arbitrary code on an end user’s system when loaded despite safe mode being...

CVE-2025-49655

Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabling a maliciously uploaded Keras file containing a TorchModuleWrapper class to run arbitrary code on an end user’s system when loaded despite safe mode being...

CVE-2025-49655

Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabling a maliciously uploaded Keras file containing a TorchModuleWrapper class to run arbitrary code on an end user’s system when loaded despite safe mode being...

UBUNTU-CVE-2025-49655

Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabling a maliciously uploaded Keras file containing a TorchModuleWrapper class to run arbitrary code on an end user’s system when loaded despite safe mode being...

CVE-2025-49655

Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabling a maliciously uploaded Keras file containing a TorchModuleWrapper class to run arbitrary code on an end user’s system when loaded despite safe mode being...

CVE-2025-49655

Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabling a maliciously uploaded Keras file containing a TorchModuleWrapper class to run arbitrary code on an end user’s system when loaded despite safe mode being...

CVE-2025-49655

CVE-2025-49655 affects the Keras framework with deserialization of untrusted data in versions 3.11.0 up to, but not including, 3.11.3. A maliciously uploaded Keras file containing a TorchModuleWrapper class can execute arbitrary code on an end user’s system when loaded, even if safe mode is enabl...