CNNVD-202510-3921 Information

CNNVD ID

CNNVD-202510-3921

CVE-2025-12058

  • CNNVD Published: 2025-10-29

Description (Chinese)

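Keras is a multi-backend deep learning framework open-sourced by Keras. Keras contains a security vulnerability that stems from the StringLookup layer failing to properly restrict its external path loading functionality when processing a specially crafted .keras archive, which may lead to arbitrary local file read and server-side request forgery attacks.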

Description (English)

Keras is an open-source, multi-backend deep learning framework. Keras contains a security vulnerability: when processing a specially crafted .keras archive, the StringLookup layer does not properly restrict loading from external paths, which can lead to arbitrary local file read and server-side request forgery (SSRF) attacks.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Keras

Published

2025-10-29

Last Modified

2026-02-24

References

  • https://github.com/keras-team/keras/pull/21751
  • https://github.com/keras-team/keras/security/advisories/GHSA-qg93-c7p6-gg7f
  • https://access.redhat.com/security/cve/cve-2025-12058

Patch

https://github.com/keras-team/keras/releases
