CVE-2025-49655: Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not inc
criticalvulnerability
security
Summary
CVE-2025-49655 is a vulnerability in Keras (a machine learning framework) versions 3.11.0 through 3.11.2 where deserialization (converting saved data back into usable form) of untrusted data can allow malicious code to run on a user's computer when they load a specially crafted Keras file, even if safe mode is enabled. This vulnerability affects both locally stored and remotely downloaded files.
Solution / Mitigation
Update Keras to version 3.11.3 or later. The GitHub pull request at https://github.com/keras-team/keras/pull/21575 contains the fix.
Vulnerability Details
CVSS Score
9.8(critical)
EPSS (30-day exploit probability)
EPSS: 0.1%
Classification
Attack Type
Model Theft
Attack SophisticationModerate
Impact (CIA+S)
confidentialityintegrity
Affected Vendors
HuggingFace
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-49655
First tracked: February 15, 2026 at 08:42 PM
Classified by LLM (prompt v3) · confidence: 92%