PT-2025-48332 · Keras+1

Published 2025-11-28 · Updated 2025-12-03 · CVE-2025-12638

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Keras version 3.11.3
Description: Keras version 3.11.3 has a path traversal issue in the keras.utils.get_file() function when handling tar archives. The problem occurs because the function calls Python's tarfile.extractall() without the filter='data' parameter. While Keras includes a filter_safe_paths() function to reject unsafe paths, a PATH_MAX symlink resolution bug during extraction bypasses this check. This allows files to be written outside the intended extraction directory, potentially leading to arbitrary file writes and system compromise. The issue impacts Keras installations that process tar archives with get_file().
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Path traversal

Related Identifiers

AZL-71185
BDU:2026-05650
CVE-2025-12638
GHSA-9G7V-8WXV-MWXP

Affected Products

Debian
Keras