Linux Distros Unpatched Vulnerability : CVE-2025-12058

🗓️ 29 Oct 2025 00:00:00Reported by TenableType

Linux hosts with unpatched CVE-2025-12058 allow local file read and server side forgery during Keras model loading.

Reporter	Title	Published	Views	Family All 36
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.	29 Dec 202505:42	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite - Monitor Component uses keras-3.10.0-py3-none-any.whl, keras-2.14.0-py3-none-any.whl which are vulnerable to CVE-2025-12058, CVE-2025-12060, CVE-2025-9905, CVE-2025-9906.	30 Jan 202605:35	–	ibm
IBM Security Bulletins	Security Bulletin: Arbitrary File Read, SSRF, and Code Execution Vulnerabilities in TensorFlow Keras Model Loading (v2.13) affects watsonx.data	8 Apr 202608:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in keras-3.11.3-py3-none-any.whl	4 Feb 202622:27	–	ibm
Chainguard	CVE-2025-12058 vulnerabilities	4 Nov 202501:23	–	cgr
Circl	CVE-2025-12058	29 Oct 202510:26	–	circl
CNNVD	Keras 安全漏洞	29 Oct 202500:00	–	cnnvd
CVE	CVE-2025-12058	29 Oct 202508:48	–	cve
Cvelist	CVE-2025-12058 Vulnerability in Keras Model.load_model Leading to Arbitrary Local File Loading and SSRF	29 Oct 202508:48	–	cvelist
Debian CVE	CVE-2025-12058	29 Oct 202508:48	–	debiancve

Source	Link
security-tracker	www.security-tracker.debian.org/tracker/CVE-2025-12058
ubuntu	www.ubuntu.com/security/CVE-2025-12058
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(271993);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/10/31");

  script_cve_id("CVE-2025-12058");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2025-12058");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - The Keras.Model.load_model method, including when executed with the intended security mitigation
    safe_mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF). This
    vulnerability stems from the way the StringLookup layer is handled during model loading from a specially
    crafted .keras archive. The constructor for the StringLookup layer accepts a vocabulary argument that can
    specify a local file path or a remote file path. * Arbitrary Local File Read: An attacker can create a
    malicious .keras file that embeds a local path in the StringLookup layer's configuration. When the model
    is loaded, Keras will attempt to read the content of the specified local file and incorporate it into the
    model state (e.g., retrievable via get_vocabulary()), allowing an attacker to read arbitrary local files
    on the hosting system. * Server-Side Request Forgery (SSRF): Keras utilizes tf.io.gfile for file
    operations. Since tf.io.gfile supports remote filesystem handlers (such as GCS and HDFS) and HTTP/HTTPS
    protocols, the same mechanism can be leveraged to fetch content from arbitrary network endpoints on the
    server's behalf, resulting in an SSRF condition. The security issue is that the feature allowing external
    path loading was not properly restricted by the safe_mode=True flag, which was intended to prevent such
    unintended data access. (CVE-2025-12058)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2025-12058");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2025-12058");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:U/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:U/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-12058");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/10/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/10/29");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:keras");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:keras");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Debian Linux-11", "Host/OS/Ubuntu Linux-18.04", "Host/OS/Ubuntu Linux-20.04");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Debian Linux-11": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "11",
        "pkgs": [
          {"reference": "python3-keras"}
        ]
      }
    ]
  },
  "Ubuntu Linux-18.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "18.04",
        "pkgs": [
          {"reference": "keras"}
        ]
      }
    ]
  },
  "Ubuntu Linux-20.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "20.04",
        "pkgs": [
          {"reference": "keras"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_NOTE,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

31 Oct 2025 00:00Current

7.8High risk

Vulners AI Score7.8

CVSS 45.9

EPSS0.00083

SSVC