{"id":71892,"date":"2025-10-17T19:45:37","date_gmt":"2025-10-17T16:15:37","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2025-49655-keras-torchmodulewrapper-deserialization-vulnerability\/"},"modified":"2025-10-17T19:45:37","modified_gmt":"2025-10-17T16:15:37","slug":"cve-2025-49655-keras-torchmodulewrapper-deserialization-vulnerability","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2025-49655-keras-torchmodulewrapper-deserialization-vulnerability\/","title":{"rendered":"CVE-2025-49655 &#8211; Keras TorchModuleWrapper Deserialization Vulnerability"},"content":{"rendered":"<p>CVE ID : CVE-2025-49655<\/p>\n<p>Published :  Oct. 17, 2025, 4:15 p.m. | 25\u00a0minutes ago<\/p>\n<p>Description : Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabling a maliciously uploaded Keras file containing a\u00a0TorchModuleWrapper class to run arbitrary code on an end user\u2019s system when loaded despite safe mode being enabled. The vulnerability can be triggered through both local and remote files.<\/p>\n<p>Severity: 9.8 | CRITICAL<\/p>\n<p>Visit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID : CVE-2025-49655 Published : Oct. 17, 2025, 4:15 p.m. | 25\u00a0minutes ago Description : Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabling a maliciously uploaded Keras file containing a\u00a0TorchModuleWrapper class to run arbitrary code on an end user\u2019s system &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-71892","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/71892","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=71892"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/71892\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=71892"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=71892"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=71892"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}