SB2025111724 - Multiple vulnerabilities in Keras



SB2025111724 - Multiple vulnerabilities in Keras

Published: November 17, 2025 Updated: December 3, 2025

Security Bulletin ID SB2025111724
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 vulnerabilities.


1) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2025-12058)

CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:U/U:Green


The disclosed vulnerability allows a remote user to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input passed via a specially crafted .keras archive within the Keras.Model.load_model method. A remote user can upload a malicious .keras file that embeds a local or remote path in the StringLookup layer's configuration and trick the application to initiate requests to arbitrary files or external systems.

Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.

Note, the vulnerability can be exploited even with the "safe_mode=True" flag.


2) Path traversal (CVE-ID: CVE-2025-12060)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to input validation error in keras.utils.get_file API when used with the extract=True option for tar archives. A remote user can supply a malicious .tar archive containing special symlinks, which, when extracted, allows them to write arbitrary files to any location on the filesystem outside of the intended destination folder.


Remediation

Install update from vendor's website.