Data Exposure Vulnerability Found in Deep Learning Tool Keras
The vulnerability is tracked as CVE-2025-12058 and can be exploited to load arbitrary files and conduct SSRF attacks. The post Data Exposure Vulnerability Found in Deep Learning Tool Keras appeared first on SecurityWeek.
A vulnerability in the open source library Keras could allow attackers to load arbitrary local files or conduct server-side request forgery (SSRF) attacks.
Providing a Python interface for artificial neural networks, Keras is a deep learning API that can be used as a low-level cross-framework language for building AI models that work with JAX, TensorFlow, and PyTorch.
Tracked as CVE-2025-12058 (CVSS score of 5.9), the medium-severity flaw existed because the library’s StringLookup and IndexLookup preprocessing layers allow for file paths or URLs to be used as inputs to define vocabularies.
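As a defensive pre-load check, the added example below (not code from the article or from the Keras project) inspects a model archive for StringLookup or IndexLookup layers whose vocabulary is a string reference rather than an inline list, without importing Keras or deserializing the model. It assumes the `.keras` file is a zip archive containing `config.json` and that layer entries use `class_name`/`config` with a `vocabulary` key; the function names and the sample archive are constructed for illustration.

```python
import io
import json
import zipfile

# Layer classes named in the text above.
LOOKUP_LAYERS = {"StringLookup", "IndexLookup"}


def find_external_vocabularies(node, path="model"):
    """Walk a parsed model config and return (location, layer class, kind,
    reference) for each lookup layer whose vocabulary is a string."""
    findings = []
    if isinstance(node, dict):
        cfg = node.get("config")
        if node.get("class_name") in LOOKUP_LAYERS and isinstance(cfg, dict):
            vocab = cfg.get("vocabulary")
            if isinstance(vocab, str):  # inline vocabularies are lists
                kind = "url" if "://" in vocab else "path"
                findings.append((path, node["class_name"], kind, vocab))
        for key, value in node.items():
            findings += find_external_vocabularies(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            findings += find_external_vocabularies(value, f"{path}[{i}]")
    return findings


def scan_keras_archive(data: bytes):
    """Scan the raw bytes of a model archive; Keras is never invoked.
    Assumption: the archive is a zip file with a top-level config.json."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        config = json.loads(zf.read("config.json"))
    return find_external_vocabularies(config)


def build_sample_archive() -> bytes:
    """Constructed sample: a minimal archive holding only config.json."""
    config = {"class_name": "Sequential", "config": {"layers": [
        {"class_name": "StringLookup", "config": {"vocabulary": ["a", "b"]}},
        {"class_name": "StringLookup", "config": {"vocabulary": "/placeholder/vocab.txt"}},
        {"class_name": "IndexLookup", "config": {"vocabulary": "https://example.invalid/vocab.txt"}},
    ]}}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("config.json", json.dumps(config))
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_keras_archive(build_sample_archive()):
        print(finding)
```

A non-empty result is a reason to hold the model for review before it is loaded in any environment with access to local files or internal network services.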
Source: https://www.securityweek.com/data-exposure-vulnerability-found-in-deep-learning-tool-keras/
