CVE-2025-12060: 
Python vulnerability analysis and mitigation

The keras.utils.get_file API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. This vulnerability (CVE-2025-12060) was disclosed in October 2025 and affects Keras versions prior to 3.12. The vulnerability is linked to the underlying Python tarfile weakness (CVE-2025-4517) (NVD).

The vulnerability stems from the use of Python's tarfile.extractall function without the filter="data" feature. The utility fails to properly validate file paths during archive extraction, which could allow malicious tar archives containing special symlinks to be extracted. The vulnerability has been assigned a CVSS v4.0 Base Score of 8.9 (HIGH) with the vector string CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H (NVD).

A remote attacker can craft a malicious tar archive containing special symlinks, which when extracted, allows them to write arbitrary files to any location on the filesystem outside of the intended destination folder. This could potentially lead to system compromise through arbitrary file writes (NVD).

Users should upgrade to Keras version 3.12 or later which implements the filter="data" option for tarfile extraction. Note that upgrading Python to a version that fixes CVE-2025-4517 (e.g. Python 3.13.4) alone is not sufficient - Keras must also be upgraded to version 3.12 or later for complete mitigation (Keras PR).