CNNVD-202511-3016 Information

CNNVD ID

CNNVD-202511-3016

CVE-2025-12638

  • CNNVD Published: 2025-11-28

Description

Keras is a multi-backend deep learning framework open-sourced by Keras. Keras version 3.11.3 contains a path traversal vulnerability. It stems from a path traversal issue in the keras.utils.get_file function when extracting tar archives, and may lead to arbitrary file write.

Hazard Level

Medium

Vulnerability Type

Path Traversal

Affected Vendor

Keras

Published

2025-11-28

Last Modified

2026-02-24

References

https://huntr.com/bounties/f94f5beb-54d8-4e6a-8bac-86d9aee103f4
