CVE-2025-12060: 
Python vulnerability analysis and mitigation

CVE-2025-12060 affects the keras.utils.get_file API in Keras when used with the extract=True option for tar archives. The vulnerability was discovered and disclosed on October 30, 2025, impacting Keras versions prior to 3.12. This path traversal vulnerability stems from the use of Python's tarfile.extractall function without the filter="data" feature, and is linked to the underlying Python tarfile weakness (CVE-2025-4517) (NVD).

The vulnerability exists due to improper handling of tar archive extraction in the keras.utils.get_file API. When the extract=True option is used, the function utilizes Python's tarfile.extractall without implementing the necessary filter="data" security feature. The severity is rated as HIGH with a CVSS v4.0 Base Score of 8.9, indicating significant potential impact. The vulnerability is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) (NVD).

A remote attacker can exploit this vulnerability by crafting a malicious tar archive containing special symlinks. When such an archive is extracted, it allows the attacker to write arbitrary files to any location on the filesystem outside of the intended destination folder. This could potentially lead to unauthorized file system access and modification (NVD).

The vulnerability has been fixed in Keras version 3.12. Users are advised to upgrade to this version or later. It's important to note that simply upgrading Python to a version that fixes CVE-2025-4517 (e.g., Python 3.13.4) is not sufficient - Keras must also be upgraded to version 3.12 or later. The fix implements the filter="data" option for TarFile.extractall to prevent path traversal attacks (Keras PR).