SB2025112574 - Multiple vulnerabilities in Keras framework

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Deserialization of Untrusted Data (CVE-ID: CVE-2025-49655)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data while parsing external modules. A remote attacker can trick the victim into loading a malicious module and execute arbitrary code on the target system.

2) Improper Control of Dynamically-Managed Code Resources (CVE-ID: CVE-2025-9905)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation within the Model.load_model() method. A remote attacker can trick the victim into loading a crafted .h5/.hdf5 model archive and execute arbitrary code on the system.

Remediation

Install update from vendor's website.

References

• https://github.com/keras-team/keras/pull/21575
• https://hiddenlayer.com/sai_security_advisor/2025-10-keras/
• https://github.com/keras-team/keras/pull/21602
• https://github.com/keras-team/keras/security/advisories/GHSA-36rr-ww3j-vrjv