Plateforme
python
Composant
keras
Corrigé dans
3.11.4
3.12.0
Keras's keras.utils.get_file() function contains a Directory Traversal vulnerability stemming from the use of tarfile.extractall() without the filter="data" parameter. This allows malicious tar archives to bypass security checks and write files outside the intended extraction directory, potentially leading to arbitrary code execution or data compromise. The vulnerability affects Keras versions up to 3.9.2 and is resolved in version 3.12.0.
An attacker could craft a malicious tar archive containing specially crafted symlinks and file paths. When Keras attempts to extract this archive using keras.utils.get_file(), the tarfile.extractall() function, lacking the filter="data" parameter, will resolve these symlinks and write files to arbitrary locations on the system. This could allow an attacker to overwrite critical system files, inject malicious code, or gain unauthorized access to sensitive data. The potential impact is significant, especially in environments where Keras is used to process untrusted data or deploy models.
This vulnerability is considered high probability due to the ease of crafting malicious tar archives and the widespread use of Keras in machine learning deployments. Public proof-of-concept exploits are likely to emerge, increasing the risk of exploitation. The vulnerability was publicly disclosed on 2025-12-02. No active exploitation campaigns have been confirmed as of this writing.
Machine learning engineers and data scientists using Keras in production environments are at risk, particularly those deploying models that process user-supplied data or untrusted archives. Shared hosting environments where multiple users share the same Keras installation are also at increased risk, as a compromised user could potentially exploit the vulnerability to affect other users.
• python / keras: Inspect Keras version using python -c "import keras; print(keras.version)". Versions ≤3.9.2 are vulnerable.
• python / keras: Monitor file system for unexpected file creations within Keras extraction directories.
• python / keras: Review application logs for errors related to file extraction or permission denied errors during extraction.
• python / keras: Check for suspicious tar archives being downloaded or processed by Keras applications.
disclosure
patch
Statut de l'Exploit
EPSS
0.12% (percentile 31%)
CISA SSVC
Vecteur CVSS
The primary mitigation is to upgrade Keras to version 3.12.0 or later, which includes the necessary fix. If upgrading is not immediately feasible, consider implementing temporary workarounds. One approach is to restrict the extraction directory to a tightly controlled and isolated location. Additionally, carefully validate the source of any tar archives processed by Keras, ensuring they originate from trusted sources. Implement input validation to sanitize file paths and prevent the creation of symlinks that could lead to traversal attacks. After upgrade, confirm by attempting to extract a known malicious tar archive and verifying that it fails to write outside the designated extraction directory.
Mettez à jour Keras à la version 3.12 ou supérieure. Cette mise à jour corrige la vulnérabilité de traversal de chemin lors de l'extraction d'archives tar. Assurez-vous également d'avoir une version de Python qui a corrigé CVE-2025-4517 (par exemple, Python 3.13.4 ou supérieur).
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
CVE-2025-12060 is a CRITICAL vulnerability in Keras allowing attackers to write files outside the intended extraction directory via malicious tar archives, potentially leading to code execution.
Yes, if you are using Keras versions 3.9.2 or earlier, you are vulnerable. Upgrade to 3.12.0 or later to resolve the issue.
Upgrade Keras to version 3.12.0 or later. As a temporary workaround, restrict the extraction directory and validate archive sources.
No active exploitation campaigns have been confirmed, but public proof-of-concept exploits are likely to emerge, increasing the risk.
Refer to the Keras project's official security advisories and release notes for detailed information and updates regarding CVE-2025-12060.
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.
Téléverse ton fichier requirements.txt et nous te dirons instantanément si tu es affecté.