CVE-2025-12060: The keras.utils.get_file API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path
Summary
Keras, a machine learning library, has a vulnerability in its keras.utils.get_file function when it is called with extract=True on a tar archive (a compressed collection of files). An attacker who can supply the archive can craft a tar file whose entries include symlinks (filesystem shortcuts) pointing outside the extraction directory, followed by regular files written through those links. On a vulnerable version the extraction writes those files outside the intended folder, giving the attacker an arbitrary file write with the privileges of the process that called get_file, which can be used to overwrite configuration files or other sensitive files that process can reach.
Solution / Mitigation
Upgrade Keras to version 3.12 or later. Upgrading Python alone is not sufficient, even to a release such as Python 3.13.4 that fixes the related tarfile issue CVE-2025-4517 in the standard library; the Keras upgrade is required as well. Where the upgrade cannot be applied immediately, avoid passing extract=True for archives from sources you do not control and extract them with your own validation instead.
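The following is an added example, not code from Keras or from CPython, showing the two sides of the summary and mitigation above: how a tar archive whose symlink escapes the extraction directory turns an unfiltered extract into a write outside that directory, and the member screening a get_file-style helper should perform before extracting anything. The archives, the "outside" directory, and the helper names (build_malicious_tar, screen_members, safe_extract) are all constructed for this example; only the tarfile and os calls are real library APIs.

```python
"""Added example (not Keras or CPython code): a tar archive that escapes its
extraction directory through a symlink, what an unfiltered extract does with
it, and a pre-extraction screen that rejects it while passing normal archives."""
import io
import os
import posixpath
import tarfile
import tempfile


class UnsafeArchive(ValueError):
    """Raised when any member would write or link outside the destination."""


def build_malicious_tar() -> bytes:
    """Constructed sample: symlink out of <dest>, then a file written through it.
    Note the second member's own name ('link/pwned.txt') contains no '..'."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        link = tarfile.TarInfo("link")
        link.type = tarfile.SYMTYPE
        link.linkname = "../outside"            # resolves to <dest>/../outside
        tar.addfile(link)
        payload = b"owned\n"
        member = tarfile.TarInfo("link/pwned.txt")
        member.size = len(payload)
        tar.addfile(member, io.BytesIO(payload))
    return buf.getvalue()


def build_benign_tar() -> bytes:
    """Constructed sample: an ordinary archive that must still extract."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        payload = b"weights\n"
        member = tarfile.TarInfo("data/model.txt")
        member.size = len(payload)
        tar.addfile(member, io.BytesIO(payload))
    return buf.getvalue()


def naive_extract(data: bytes, dest: str) -> None:
    """The vulnerable pattern: extract every member as-is. The explicit
    'fully_trusted' filter reproduces unfiltered behaviour on interpreters
    whose extractall() would otherwise default to a safer filter."""
    with tarfile.open(fileobj=io.BytesIO(data)) as tar:
        try:
            tar.extractall(dest, filter="fully_trusted")
        except TypeError:                       # Python without the filter argument
            tar.extractall(dest)


def screen_members(members, dest: str):
    """Return members safe to extract into dest, or raise UnsafeArchive.
    Checks are lexical plus realpath against the not-yet-populated dest, and
    any member whose path runs through an earlier archive symlink is rejected,
    so the screen is not fooled by what extraction itself would create."""
    dest = os.path.realpath(dest)
    symlinks = set()                             # archive symlinks seen so far

    def inside(path: str) -> bool:
        return os.path.commonpath([dest, os.path.realpath(path)]) == dest

    for m in members:
        name = posixpath.normpath(m.name)
        if posixpath.isabs(name) or not inside(os.path.join(dest, name)):
            raise UnsafeArchive(f"{m.name!r}: escapes destination")
        if m.isdev():
            raise UnsafeArchive(f"{m.name!r}: device or FIFO entry")
        parts = name.split("/")
        if any("/".join(parts[:i]) in symlinks for i in range(1, len(parts))):
            raise UnsafeArchive(f"{m.name!r}: path passes through an archive symlink")
        if m.issym():                            # symlink target is relative to the link's directory
            target = os.path.join(dest, posixpath.dirname(name), m.linkname)
            if posixpath.isabs(m.linkname) or not inside(target):
                raise UnsafeArchive(f"{m.name!r} -> {m.linkname!r}: link target outside destination")
            symlinks.add(name)
        elif m.islnk():                          # hard link target is archive-relative
            if not inside(os.path.join(dest, m.linkname)):
                raise UnsafeArchive(f"{m.name!r} => {m.linkname!r}: hard link outside destination")
    return list(members)


def safe_extract(data: bytes, dest: str):
    """Screen the whole archive first; extract nothing if any member fails."""
    with tarfile.open(fileobj=io.BytesIO(data)) as tar:
        members = screen_members(tar.getmembers(), dest)
        tar.extractall(dest, members=members)
        return [m.name for m in members]


def demo() -> dict:
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "outside"))   # stands in for a directory the attacker targets
    naive_extract(build_malicious_tar(), os.path.join(root, "extract"))
    escaped = os.path.isfile(os.path.join(root, "outside", "pwned.txt"))
    dest_safe = os.path.join(root, "extract_safe")
    os.makedirs(dest_safe)
    try:
        safe_extract(build_malicious_tar(), dest_safe)
        rejected = False
    except UnsafeArchive:
        rejected = True
    dest_benign = os.path.join(root, "extract_benign")
    extracted = safe_extract(build_benign_tar(), dest_benign)
    return {"escaped": escaped, "rejected": rejected,
            "nothing_written": os.listdir(dest_safe) == [],
            "benign_ok": os.path.isfile(os.path.join(dest_benign, "data", "model.txt")),
            "extracted": extracted}


if __name__ == "__main__":
    print(demo())
```

The screen deliberately validates every member before the first byte is written and refuses the whole archive on any failure; extracting the "good" members and skipping the bad ones leaves partially unpacked state and is how skipped-symlink plus later-member chains become a problem. The "path passes through an archive symlink" rule is stricter than a target-inside-destination check alone, because a link that stays inside the destination can still redirect a later write somewhere you did not intend.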
Vulnerability Details
EPSS: 0.1%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-12060
First tracked: February 15, 2026 at 08:42 PM
Classified by LLM (prompt v3) · confidence: 92%