PRP: Keras CVE-2025-49655 Remote Code Execution

[a3vX]

• Identifier of the vulnerability: CVE-2025-49655
• Affected software: Keras
• Type of vulnerability: RCE
• Requires authentication: No
• Language you would use for writing the plugin: Templated plugins (if possible)
• Resources:
  • https://nvd.nist.gov/vuln/detail/CVE-2025-49655 (CVSS 9.8 CRITICAL)
  • Disable torch.load in TorchModuleWrapper when in safe mode. keras-team/keras#21575
  • https://hiddenlayer.com/sai_security_advisor/2025-10-keras/

Hi,
Keras 3 is a multi-backend deep learning framework. Versions 3.11.0 to 3.11.2 are affected by this critical vulnerability, which may lead to remote code execution.
Is this something that you would be interested in?
Thanks!

--a3vX

[github-actions]

Welcome to the Tsunami patch reward program!

Your issue has been added to our triage queue and will reviewed
shortly. The panel usually takes a decision once per week, so it
can take up to a week before you hear back from us.

Please, do not start the work until the panel has reached a
decision. Although we always welcome contributions, unapproved
work is not eligible for a reward.

~The Tsunami PRP team

[github-actions]

This message is addressed to the Tsunami panel.

Contributor stats

• The contributor has 1 issues tagged as main;
• The contributor has 3 issues tagged as queue.

Useful links

• All open issues from this contributor
• All open PRs from this contributor

[tooryx]

Automated message: Do not reply to that comment or tag the author. We just announced a temporary program freeze please see #752 for details. Thank you for your understanding and patience.