The keras.utils.get_file API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special symlinks, which, when extracted, allows them to write arbitrary files to any location on the filesystem outside of the intended destination folder. This vulnerability is linked to the underlying Python tarfile weakness, identified as CVE-2025-4517. Note that upgrading Python to one of the versions that fix CVE-2025-4517 (e.g. Python 3.13.4) is not enough. One additionally needs to upgrade Keras to a version with the fix (Keras 3.12).
CVE-2025-12060
This high-severity CVE scores 8.9 under NVD CVSS v3. EPSS exploit probability: 0.1%, top 72% of all CVEs by exploit prediction. GitHub Security Advisory data not yet ingested — confidence will rise once GHSA publishes (typical lag: hours to days for open-source ecosystem CVEs; never for infrastructure-only CVEs).
- High severity, but no confirmed exploitation yet
A fix is available — apply it.
- CVSS v3
- 8.9
- EG Score
- 8.9(medium)
- EPSS
- 44.2%
- KEV
- Not listed
Published
October 30, 2025
Last Modified
April 15, 2026
References (2)
- cve-coordination@googlehttps://github.com/keras-team/keras/pull/21760
- cve-coordination@googlehttps://github.com/keras-team/keras/security/advisories/GHSA-hjqc-jx6g-rwp9
Vendor Advisories for CVE-2025-12060(3)
These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.
- RHSA-2026:5807Red Hat Product SecurityHigh
Red Hat Security Advisory: RHOAI 2.16.4 - Red Hat OpenShift AI
- RHSA-2025:23531Red Hat Product SecurityHigh
Red Hat Security Advisory: RHOAI 2.25.1 - Red Hat OpenShift AI
- RHSA-2025:22759Red Hat Product SecurityHigh
Red Hat Security Advisory: RHOAI 2.22.3 - Red Hat OpenShift AI
Additional Vendor Advisories
(1)
Vendors that published advisories for this CVE beyond the curated set above. Broader coverage but minimal per-row detail — click through for the original advisory.
Frequently asked(5)
What is CVE-2025-12060?
When was CVE-2025-12060 disclosed?
Is CVE-2025-12060 actively exploited?
What is the CVSS score of CVE-2025-12060?
How do I remediate CVE-2025-12060?
Dependency Blast Radius
Explore the affected products and dependency analysis for CVE-2025-12060
Is Your Infrastructure Affected by CVE-2025-12060?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.