Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-12060

Good to know:

icon
icon

Date: October 30, 2025

The keras.utils.get_file API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special symlinks, which, when extracted, allows them to write arbitrary files to any location on the filesystem outside of the intended destination folder. This vulnerability is linked to the underlying Python tarfile weakness, identified as CVE-2025-4517. Note that upgrading Python to one of the versions that fix CVE-2025-4517 (e.g. Python 3.13.4) is not enough. One additionally needs to upgrade Keras to a version with the fix (Keras 3.12).

Severity Score

Related Resources (6)

https://github.com/keras-team/keras/pull/21760
https://github.com/keras-team/keras
https://github.com/keras-team/keras/security/advisories/GHSA-hjqc-jx6g-rwp9
https://github.com/keras-team/keras/commit/47fcb397ee4caffd5a75efd1fa3067559594e951
https://nvd.nist.gov/vuln/detail/CVE-2025-12060
https://www.mend.io/vulnerability-database/CVE-2025-12060

Severity Score

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

Top Fix

icon

Upgrade Version

Upgrade to version keras - 3.12.0;keras - 3.12.0;keras - 3.12.0;https://github.com/keras-team/keras.git - v3.12.0

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

Do you need more information?

Contact Us