CVE-2025-49655 — Vulnetix

CVE-2025-49655 PUBLISHED CVSS 9.800000190734863 CRITICAL

Keras framework vulnerable to deserialization of untrusted data

EPSS 0.05% · 15.3th percentile

Risk Scores

CVSS 3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.05%

15.3th percentile

Affected Products

Vendor	Product	Versions
Keras	Keras	3.11.0
PyPI	keras	3.11.0

Exploit Intelligence

CIRCL seen: CVE-2025-49655 (circl-sighting)
CIRCL seen: CVE-2025-49655 (circl-sighting)
CIRCL seen: CVE-2025-49655 (circl-sighting)
https://hiddenlayer.com/sai_security_advisor/2025-10-keras/ (circl)
https://github.com/keras-team/keras/pull/21575 (circl)
package.py (github-poc)
package.py (github-poc)
package.py (github-poc)
package.py (github-poc)
package.py (github-poc)

…and 3 more exploits

Timeline

Oct 17, 2025 CVE Published
Oct 17, 2025 Coalition ESS Score
Oct 18, 2025 EPSS Score
Oct 20, 2025 PoC Published
Oct 21, 2025 PoC Published
Oct 24, 2025 EPSS Score
Oct 30, 2025 EPSS Score
Nov 5, 2025 EPSS Score
Nov 11, 2025 EPSS Score
Nov 17, 2025 EPSS Score
Nov 17, 2025 Coalition ESS Score
Nov 23, 2025 EPSS Score

References

Open in Interactive Console →

$ Console Community · 100/wk Open console ›