CNNVD-202510-2486 Information

CNNVD ID

CNNVD-202510-2486

CVE-2025-49655

  • CNNVD Published: 2025-10-17

Description (Chinese)

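Keras is a multi-backend deep learning framework open-sourced by Keras. Keras versions from 3.11.0 up to, but not including, 3.11.3 contain a security vulnerability that stems from the deserialization of untrusted data and may lead to arbitrary code execution.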

Description (English)

Keras is an open-source, multi-backend deep learning framework from Keras. Versions 3.11.0 up to, but not including, 3.11.3 contain a security vulnerability caused by deserialization of untrusted data, which could lead to arbitrary code execution.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Keras

Published

2025-10-17

Last Modified

2026-02-24

References

https://github.com/keras-team/keras/pull/21575

https://hiddenlayer.com/sai_security_advisor/2025-10-keras/

Patch

https://github.com/keras-team/keras/releases
