Plattform
python
Komponente
keras-team/keras
A path traversal vulnerability has been identified in Keras, a high-level neural networks API written in Python. This flaw, present in versions up to the latest release, stems from insecure handling of tar archive extraction. Attackers can exploit this to write files outside the designated directory, potentially leading to arbitrary code execution or data compromise. A fix is available, requiring users to upgrade to a patched version of Keras.
The vulnerability lies within the keras.utils.getfile() function, specifically in its use of tarfile.extractall() without the filter='data' parameter. While Keras attempts to filter potentially unsafe paths, a PATHMAX symlink resolution bug bypasses this filtering. This allows an attacker to craft a malicious tar archive containing symlinks that, when extracted, resolve to paths outside the intended extraction directory. Successful exploitation could allow an attacker to overwrite critical system files, inject malicious code, or gain unauthorized access to sensitive data. The impact is amplified if the Keras application runs with elevated privileges.
This vulnerability was publicly disclosed on 2025-11-28. The CVSS score of 8.0 (HIGH) indicates a significant risk. While no public proof-of-concept (PoC) has been observed at the time of writing, the nature of path traversal vulnerabilities makes it likely that one will emerge. It is not currently listed on the CISA KEV catalog.
Organizations and individuals utilizing Keras for machine learning model development and deployment are at risk. This includes those using Keras within data pipelines that process external data sources, particularly if those sources are not thoroughly vetted. Users relying on shared hosting environments or pre-built container images containing Keras are also potentially vulnerable.
• python / keras:
import os
import tarfile
def check_keras_vulnerability(tar_file_path):
try:
with tarfile.open(tar_file_path, 'r') as tar:
tar.extractall()
print("Extraction successful - potential vulnerability")
except Exception as e:
print(f"Extraction failed: {e}")
# Example usage (replace with a potentially malicious tar file)
check_keras_vulnerability('malicious.tar.gz')• python / keras: Monitor Keras logs for unusual file creation or modification events, particularly in unexpected directories. Look for errors related to symlink resolution or path length limits. • generic web: If Keras is deployed in a web application, monitor web server access logs for requests that attempt to upload or process tar archives from untrusted sources.
disclosure
Exploit-Status
EPSS
0.02% (6% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation is to upgrade to a patched version of Keras that addresses this vulnerability. Until an upgrade is possible, consider implementing strict file system access controls to limit the impact of potential exploitation. Implement input validation on any user-provided data used in tar archive creation or extraction. Monitor file system activity for unexpected writes outside the intended directories. Consider using a Web Application Firewall (WAF) to filter potentially malicious tar archive uploads, although this is not a complete solution.
Actualice Keras a una versión que incorpore la corrección para esta vulnerabilidad. Asegúrese de que la función `keras.utils.get_file()` utilice el parámetro `filter='data'` al extraer archivos tar. Como medida preventiva, evite procesar archivos tar de fuentes no confiables.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2025-12638 is a Path Traversal vulnerability affecting Keras versions up to the latest, allowing attackers to potentially write files outside the intended directory via symlink resolution bypass.
If you are using Keras version ≤latest, you are potentially affected. Monitor Keras's official channels for updates and apply the recommended mitigation.
Upgrade to a patched version of Keras as soon as it becomes available. Until then, avoid processing untrusted tar archives and implement strict file system access controls.
There are currently no known active exploits, but the vulnerability's nature suggests it may be targeted in the future. Proactive mitigation is recommended.
Refer to the Keras project's official website and GitHub repository for the latest security advisories and updates related to CVE-2025-12638.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.
Lade deine requirements.txt-Datei hoch und wir sagen dir sofort, ob du betroffen bist.