Threat Advisory

Data Exposure Vulnerability in Keras Deep Learning Framework

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: Medium

EXECUTIVE SUMMARY:

A medium-severity data exposure vulnerability has been identified in the Keras deep learning framework, tracked as CVE-2025-12058. This flaw allows attackers to gain unauthorized access to sensitive local files or trigger internal network requests when a maliciously crafted model is loaded, posing a risk of data leakage and server-side request forgery (SSRF).

  • CVE-2025-12058: The vulnerability exists because Keras’s preprocessing layers (StringLookup and IndexLookup) permit the use of file paths or URLs as vocabulary sources during model deserialization. When a malicious model containing such references is loaded, Keras automatically attempts to access the specified file or URL without validation. This behavior enables attackers to exfiltrate sensitive host data (e.g., SSH keys or configuration files) or perform SSRF attacks to access restricted internal endpoints. The issue has been assigned a CVSS v3.1 score of 5.9 (Medium).

This vulnerability poses a risk to AI/ML environments that load untrusted models, particularly in cloud or enterprise setups, where exploitation could lead to unauthorized data access or compromise of internal network resources.
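A pre-load check for the behavior described above, as an added example that is not part of the original advisory or of Keras itself: it inspects a model archive without loading it and reports any layer whose vocabulary is a string (a file path or URL) instead of an inline token list, which covers the StringLookup and IndexLookup layers named here. It assumes the .keras format is a zip archive containing a config.json with nested "class_name"/"config" objects; the function names and the sample archive are constructed for illustration.

```python
import io
import json
import zipfile


def _walk(node):
    """Yield every dict nested anywhere inside a parsed JSON document."""
    if isinstance(node, dict):
        yield node
        for value in node.values():
            yield from _walk(value)
    elif isinstance(node, list):
        for item in node:
            yield from _walk(item)


def find_external_vocab(archive):
    """Return (class_name, vocabulary) for layers whose vocabulary is a
    string, i.e. a file path or URL rather than an inline list of tokens.
    `archive` is a path or file object for a .keras zip; Keras is never
    invoked here, config.json is only parsed as plain JSON."""
    with zipfile.ZipFile(archive) as zf:
        config = json.loads(zf.read("config.json"))
    findings = []
    for node in _walk(config):
        layer_cfg = node.get("config")
        if "class_name" in node and isinstance(layer_cfg, dict):
            vocab = layer_cfg.get("vocabulary")
            if isinstance(vocab, str):
                findings.append((node["class_name"], vocab))
    return findings


def build_sample(vocabulary):
    """Constructed sample: a minimal .keras-style zip with one StringLookup."""
    config = {"class_name": "Sequential", "config": {"layers": [
        {"class_name": "StringLookup", "config": {"vocabulary": vocabulary}}]}}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("config.json", json.dumps(config))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for vocab in (["a", "b"], "/constructed/path/vocab.txt"):
        print(vocab, "->", find_external_vocab(build_sample(vocab)))
```

A non-empty result is a reason to quarantine the model file for review before any call that deserializes it.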

RECOMMENDATION:

  • We strongly recommend you update Keras to version 3.11.4 or later.

REFERENCES:

The following reports contain further technical details:

https://www.securityweek.com/data-exposure-vulnerability-found-in-deep-learning-tool-keras/
