cvelistv5 - CVE-2025-12058

CVE-2025-12058 (GCVE-0-2025-12058)

Vulnerability from cvelistv5

Published

2025-10-29 08:48

Modified

2025-10-29 14:11

Severity ?

5.9 (Medium) - CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L

CWE

CWE-502 - Deserialization of Untrusted Data

Summary

The Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF). This vulnerability stems from the way the StringLookup layer is handled during model loading from a specially crafted .keras archive. The constructor for the StringLookup layer accepts a vocabulary argument that can specify a local file path or a remote file path. * Arbitrary Local File Read: An attacker can create a malicious .keras file that embeds a local path in the StringLookup layer's configuration. When the model is loaded, Keras will attempt to read the content of the specified local file and incorporate it into the model state (e.g., retrievable via get_vocabulary()), allowing an attacker to read arbitrary local files on the hosting system. * Server-Side Request Forgery (SSRF): Keras utilizes tf.io.gfile for file operations. Since tf.io.gfile supports remote filesystem handlers (such as GCS and HDFS) and HTTP/HTTPS protocols, the same mechanism can be leveraged to fetch content from arbitrary network endpoints on the server's behalf, resulting in an SSRF condition. The security issue is that the feature allowing external path loading was not properly restricted by the safe_mode=True flag, which was intended to prevent such unintended data access.

References

URL

Tags

	cve-coordination@google.com	https://github.com/keras-team/keras/pull/21751
	cve-coordination@google.com	https://github.com/keras-team/keras/security/advisories/GHSA-qg93-c7p6-gg7f

Impacted products

	Vendor	Product	Version
	Keras	Keras	Version: 0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12058",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-29T14:07:04.803189Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-29T14:11:03.027Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Keras",
          "vendor": "Keras",
          "versions": [
            {
              "lessThan": "3.12.0",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:keras:keras:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "3.12.0",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jayashwa Singh Chauhan"
        }
      ],
      "datePublic": "2025-10-17T22:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe \u003cb\u003e\u003ccode\u003eKeras.Model.load_model\u003c/code\u003e\u003c/b\u003e method, including when executed with the intended security mitigation \u003cb\u003e\u003ccode\u003esafe_mode=True\u003c/code\u003e\u003c/b\u003e, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF).\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis vulnerability stems from the way the \u003cb\u003e\u003ccode\u003eStringLookup\u003c/code\u003e\u003c/b\u003e layer is handled during model loading from a specially crafted \u003cb\u003e\u003ccode\u003e.keras\u003c/code\u003e\u003c/b\u003e archive. The constructor for the \u003ccode\u003eStringLookup\u003c/code\u003e layer accepts a \u003ccode\u003evocabulary\u003c/code\u003e argument that can specify a \u003cb\u003elocal file path\u003c/b\u003e or a \u003cb\u003eremote file path\u003c/b\u003e.\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cb\u003eArbitrary Local File Read:\u003c/b\u003e An attacker can create a malicious \u003ccode\u003e.keras\u003c/code\u003e file that embeds a local path in the \u003ccode\u003eStringLookup\u003c/code\u003e layer\u0027s configuration. When the model is loaded, Keras will attempt to read the content of the specified local file and incorporate it into the model state (e.g., retrievable via \u003ccode\u003eget_vocabulary()\u003c/code\u003e), allowing an attacker to \u003cb\u003eread arbitrary local files\u003c/b\u003e on the hosting system.\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cb\u003eServer-Side Request Forgery (SSRF):\u003c/b\u003e Keras utilizes \u003cb\u003e\u003ccode\u003etf.io.gfile\u003c/code\u003e\u003c/b\u003e for file operations. Since \u003ccode\u003etf.io.gfile\u003c/code\u003e supports remote filesystem handlers (such as GCS and HDFS) and HTTP/HTTPS protocols, the same mechanism can be leveraged to fetch content from \u003cb\u003earbitrary network endpoints\u003c/b\u003e on the server\u0027s behalf, resulting in an SSRF condition.\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eThe security issue is that the feature allowing external path loading was \u003cb\u003enot properly restricted\u003c/b\u003e by the \u003ccode\u003esafe_mode=True\u003c/code\u003e flag, which was intended to prevent such unintended data access.\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "The Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF).\n\n\nThis vulnerability stems from the way the StringLookup layer is handled during model loading from a specially crafted .keras archive. The constructor for the StringLookup layer accepts a vocabulary argument that can specify a local file path or a remote file path.\n\n  *  Arbitrary Local File Read: An attacker can create a malicious .keras file that embeds a local path in the StringLookup layer\u0027s configuration. When the model is loaded, Keras will attempt to read the content of the specified local file and incorporate it into the model state (e.g., retrievable via get_vocabulary()), allowing an attacker to read arbitrary local files on the hosting system.\n\n\n  *  Server-Side Request Forgery (SSRF): Keras utilizes tf.io.gfile for file operations. Since tf.io.gfile supports remote filesystem handlers (such as GCS and HDFS) and HTTP/HTTPS protocols, the same mechanism can be leveraged to fetch content from arbitrary network endpoints on the server\u0027s behalf, resulting in an SSRF condition.\n\n\nThe security issue is that the feature allowing external path loading was not properly restricted by the safe_mode=True flag, which was intended to prevent such unintended data access."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-221",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-221 Data Serialization External Entities Blowup"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "ADJACENT",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "LOW",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-29T08:48:29.689Z",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "url": "https://github.com/keras-team/keras/security/advisories/GHSA-qg93-c7p6-gg7f"
        },
        {
          "url": "https://github.com/keras-team/keras/pull/21751"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Vulnerability in Keras Model.load_model Leading to Arbitrary Local File Loading and SSRF",
      "x_generator": {
        "engine": "Vulnogram 0.4.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2025-12058",
    "datePublished": "2025-10-29T08:48:29.689Z",
    "dateReserved": "2025-10-22T07:39:21.715Z",
    "dateUpdated": "2025-10-29T14:11:03.027Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-12058\",\"sourceIdentifier\":\"cve-coordination@google.com\",\"published\":\"2025-10-29T09:15:35.500\",\"lastModified\":\"2025-10-30T15:03:13.440\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF).\\n\\n\\nThis vulnerability stems from the way the StringLookup layer is handled during model loading from a specially crafted .keras archive. The constructor for the StringLookup layer accepts a vocabulary argument that can specify a local file path or a remote file path.\\n\\n  *  Arbitrary Local File Read: An attacker can create a malicious .keras file that embeds a local path in the StringLookup layer\u0027s configuration. When the model is loaded, Keras will attempt to read the content of the specified local file and incorporate it into the model state (e.g., retrievable via get_vocabulary()), allowing an attacker to read arbitrary local files on the hosting system.\\n\\n\\n  *  Server-Side Request Forgery (SSRF): Keras utilizes tf.io.gfile for file operations. Since tf.io.gfile supports remote filesystem handlers (such as GCS and HDFS) and HTTP/HTTPS protocols, the same mechanism can be leveraged to fetch content from arbitrary network endpoints on the server\u0027s behalf, resulting in an SSRF condition.\\n\\n\\nThe security issue is that the feature allowing external path loading was not properly restricted by the safe_mode=True flag, which was intended to prevent such unintended data access.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cve-coordination@google.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"cve-coordination@google.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"references\":[{\"url\":\"https://github.com/keras-team/keras/pull/21751\",\"source\":\"cve-coordination@google.com\"},{\"url\":\"https://github.com/keras-team/keras/security/advisories/GHSA-qg93-c7p6-gg7f\",\"source\":\"cve-coordination@google.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-12058\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-29T14:07:04.803189Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-29T14:10:59.454Z\"}}], \"cna\": {\"title\": \"Vulnerability in Keras Model.load_model Leading to Arbitrary Local File Loading and SSRF\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Jayashwa Singh Chauhan\"}], \"impacts\": [{\"capecId\": \"CAPEC-221\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-221 Data Serialization External Entities Blowup\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 5.9, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"ADJACENT\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Keras\", \"product\": \"Keras\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"3.12.0\", \"versionType\": \"date\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2025-10-17T22:00:00.000Z\", \"references\": [{\"url\": \"https://github.com/keras-team/keras/security/advisories/GHSA-qg93-c7p6-gg7f\"}, {\"url\": \"https://github.com/keras-team/keras/pull/21751\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.4.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF).\\n\\n\\nThis vulnerability stems from the way the StringLookup layer is handled during model loading from a specially crafted .keras archive. The constructor for the StringLookup layer accepts a vocabulary argument that can specify a local file path or a remote file path.\\n\\n  *  Arbitrary Local File Read: An attacker can create a malicious .keras file that embeds a local path in the StringLookup layer\u0027s configuration. When the model is loaded, Keras will attempt to read the content of the specified local file and incorporate it into the model state (e.g., retrievable via get_vocabulary()), allowing an attacker to read arbitrary local files on the hosting system.\\n\\n\\n  *  Server-Side Request Forgery (SSRF): Keras utilizes tf.io.gfile for file operations. Since tf.io.gfile supports remote filesystem handlers (such as GCS and HDFS) and HTTP/HTTPS protocols, the same mechanism can be leveraged to fetch content from arbitrary network endpoints on the server\u0027s behalf, resulting in an SSRF condition.\\n\\n\\nThe security issue is that the feature allowing external path loading was not properly restricted by the safe_mode=True flag, which was intended to prevent such unintended data access.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThe \u003cb\u003e\u003ccode\u003eKeras.Model.load_model\u003c/code\u003e\u003c/b\u003e method, including when executed with the intended security mitigation \u003cb\u003e\u003ccode\u003esafe_mode=True\u003c/code\u003e\u003c/b\u003e, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF).\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis vulnerability stems from the way the \u003cb\u003e\u003ccode\u003eStringLookup\u003c/code\u003e\u003c/b\u003e layer is handled during model loading from a specially crafted \u003cb\u003e\u003ccode\u003e.keras\u003c/code\u003e\u003c/b\u003e archive. The constructor for the \u003ccode\u003eStringLookup\u003c/code\u003e layer accepts a \u003ccode\u003evocabulary\u003c/code\u003e argument that can specify a \u003cb\u003elocal file path\u003c/b\u003e or a \u003cb\u003eremote file path\u003c/b\u003e.\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cb\u003eArbitrary Local File Read:\u003c/b\u003e An attacker can create a malicious \u003ccode\u003e.keras\u003c/code\u003e file that embeds a local path in the \u003ccode\u003eStringLookup\u003c/code\u003e layer\u0027s configuration. When the model is loaded, Keras will attempt to read the content of the specified local file and incorporate it into the model state (e.g., retrievable via \u003ccode\u003eget_vocabulary()\u003c/code\u003e), allowing an attacker to \u003cb\u003eread arbitrary local files\u003c/b\u003e on the hosting system.\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cb\u003eServer-Side Request Forgery (SSRF):\u003c/b\u003e Keras utilizes \u003cb\u003e\u003ccode\u003etf.io.gfile\u003c/code\u003e\u003c/b\u003e for file operations. Since \u003ccode\u003etf.io.gfile\u003c/code\u003e supports remote filesystem handlers (such as GCS and HDFS) and HTTP/HTTPS protocols, the same mechanism can be leveraged to fetch content from \u003cb\u003earbitrary network endpoints\u003c/b\u003e on the server\u0027s behalf, resulting in an SSRF condition.\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eThe security issue is that the feature allowing external path loading was \u003cb\u003enot properly restricted\u003c/b\u003e by the \u003ccode\u003esafe_mode=True\u003c/code\u003e flag, which was intended to prevent such unintended data access.\u003c/p\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-502\", \"description\": \"CWE-502 Deserialization of Untrusted Data\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:keras:keras:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"3.12.0\", \"versionStartIncluding\": \"0\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}], \"providerMetadata\": {\"orgId\": \"14ed7db2-1595-443d-9d34-6215bf890778\", \"shortName\": \"Google\", \"dateUpdated\": \"2025-10-29T08:48:29.689Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-12058\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-29T14:11:03.027Z\", \"dateReserved\": \"2025-10-22T07:39:21.715Z\", \"assignerOrgId\": \"14ed7db2-1595-443d-9d34-6215bf890778\", \"datePublished\": \"2025-10-29T08:48:29.689Z\", \"assignerShortName\": \"Google\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2025-AVI-0966

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	cbl2 golang 1.22.7-5
Microsoft	N/A	azl3 golang 1.23.12-1
Microsoft	N/A	cbl2 python-tensorboard 2.11.0-3
Microsoft	N/A	azl3 moby-engine 25.0.3-13
Microsoft	N/A	azl3 python-tensorboard 2.16.2-6
Microsoft	N/A	azl3 kernel 6.6.104.2-4
Microsoft	N/A	cbl2 msft-golang 1.24.8-1
Microsoft	N/A	azl3 gh 2.62.0-9
Microsoft	N/A	azl3 frr 9.1.1-3
Microsoft	N/A	azl3 xorg-x11-server-Xwayland 24.1.6-2 versions antérieures à 24.1.6-3
Microsoft	N/A	cbl2 libcontainers-common 20210626-7
Microsoft	N/A	cbl2 moby-engine 24.0.9-18
Microsoft	N/A	cbl2 frr 8.5.5-3
Microsoft	N/A	azl3 containerized-data-importer 1.57.0-16
Microsoft	N/A	azl3 skopeo 1.14.4-6
Microsoft	N/A	azl3 tensorflow 2.16.1-9
Microsoft	N/A	azl3 keras 3.3.3-4 versions antérieures à 3.3.3-5
Microsoft	N/A	cbl2 gcc 11.2.0-8
Microsoft	N/A	cbl2 keras 2.11.0-3
Microsoft	N/A	azl3 golang 1.25.3-1
Microsoft	N/A	cbl2 tensorflow 2.11.1-2
Microsoft	N/A	azl3 keras 3.3.3-4
Microsoft	N/A	azl3 gcc 13.2.0-7
Microsoft	N/A	cbl2 cri-o 1.22.3-16
Microsoft	N/A	cbl2 skopeo 1.14.2-12
Microsoft	N/A	cbl2 containerized-data-importer 1.55.0-25
Microsoft	N/A	cbl2 golang 1.18.8-10
Microsoft	N/A	azl3 libcontainers-common 20240213-3

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft CVE-2025-58189	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40099	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40083	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-58186	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-61724	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-61103	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-12058	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40087	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-61100	2025-11-02	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-61105	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-62229	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40106	2025-11-01	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-62231	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-61102	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40097	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40100	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40084	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-58187	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40094	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-61106	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40104	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40103	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-61104	2025-11-02	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40085	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-47912	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40092	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40105	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40096	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-61107	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40088	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-58183	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-61725	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-61101	2025-11-02	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-61723	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40102	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40095	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-12060	2025-11-01	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-62230	2025-11-02	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-58185	2025-10-31	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-58188	2025-10-31	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "cbl2 golang 1.22.7-5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 golang 1.23.12-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 python-tensorboard 2.11.0-3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 moby-engine 25.0.3-13",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 python-tensorboard 2.16.2-6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 kernel 6.6.104.2-4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 msft-golang 1.24.8-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 gh 2.62.0-9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 frr 9.1.1-3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 xorg-x11-server-Xwayland 24.1.6-2 versions ant\u00e9rieures \u00e0 24.1.6-3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 libcontainers-common 20210626-7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 moby-engine 24.0.9-18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 frr 8.5.5-3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 containerized-data-importer 1.57.0-16",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 skopeo 1.14.4-6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 tensorflow 2.16.1-9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 keras 3.3.3-4 versions ant\u00e9rieures \u00e0 3.3.3-5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 gcc 11.2.0-8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 keras 2.11.0-3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 golang 1.25.3-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 tensorflow 2.11.1-2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 keras 3.3.3-4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 gcc 13.2.0-7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 cri-o 1.22.3-16",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 skopeo 1.14.2-12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 containerized-data-importer 1.55.0-25",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 golang 1.18.8-10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 libcontainers-common 20240213-3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-58183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
    },
    {
      "name": "CVE-2025-40100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40100"
    },
    {
      "name": "CVE-2025-40103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40103"
    },
    {
      "name": "CVE-2025-61102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61102"
    },
    {
      "name": "CVE-2025-58185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
    },
    {
      "name": "CVE-2025-40092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40092"
    },
    {
      "name": "CVE-2025-61106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61106"
    },
    {
      "name": "CVE-2025-61103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61103"
    },
    {
      "name": "CVE-2025-62230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62230"
    },
    {
      "name": "CVE-2025-40104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40104"
    },
    {
      "name": "CVE-2025-40097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40097"
    },
    {
      "name": "CVE-2025-40106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40106"
    },
    {
      "name": "CVE-2025-58188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
    },
    {
      "name": "CVE-2025-40088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40088"
    },
    {
      "name": "CVE-2025-40085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40085"
    },
    {
      "name": "CVE-2025-61724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
    },
    {
      "name": "CVE-2025-61105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61105"
    },
    {
      "name": "CVE-2025-61723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
    },
    {
      "name": "CVE-2025-40084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40084"
    },
    {
      "name": "CVE-2025-61725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
    },
    {
      "name": "CVE-2025-47912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
    },
    {
      "name": "CVE-2025-40095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40095"
    },
    {
      "name": "CVE-2025-58186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
    },
    {
      "name": "CVE-2025-40105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40105"
    },
    {
      "name": "CVE-2025-62229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62229"
    },
    {
      "name": "CVE-2025-58187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
    },
    {
      "name": "CVE-2025-40083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40083"
    },
    {
      "name": "CVE-2025-62231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62231"
    },
    {
      "name": "CVE-2025-40099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40099"
    },
    {
      "name": "CVE-2025-12060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12060"
    },
    {
      "name": "CVE-2025-58189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
    },
    {
      "name": "CVE-2025-40094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40094"
    },
    {
      "name": "CVE-2025-40102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40102"
    },
    {
      "name": "CVE-2025-12058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12058"
    },
    {
      "name": "CVE-2025-61101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61101"
    },
    {
      "name": "CVE-2025-61107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61107"
    },
    {
      "name": "CVE-2025-61100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61100"
    },
    {
      "name": "CVE-2025-40096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40096"
    },
    {
      "name": "CVE-2025-61104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61104"
    },
    {
      "name": "CVE-2025-40087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40087"
    }
  ],
  "initial_release_date": "2025-11-05T00:00:00",
  "last_revision_date": "2025-11-05T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0966",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-11-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-58189",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58189"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40099",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40099"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40083",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40083"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-58186",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58186"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61724",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61724"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61103",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61103"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12058",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12058"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40087",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40087"
    },
    {
      "published_at": "2025-11-02",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61100",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61100"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61105",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61105"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-62229",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62229"
    },
    {
      "published_at": "2025-11-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40106",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40106"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-62231",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62231"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61102",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61102"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40097",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40097"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40100",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40100"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40084",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40084"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-58187",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58187"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40094",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40094"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61106",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61106"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40104",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40104"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40103",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40103"
    },
    {
      "published_at": "2025-11-02",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61104",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61104"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40085",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40085"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-47912",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47912"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40092",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40092"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40105",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40105"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40096",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40096"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61107",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61107"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40088",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40088"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-58183",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58183"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61725",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61725"
    },
    {
      "published_at": "2025-11-02",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61101",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61101"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61723",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61723"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40102",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40102"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40095",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40095"
    },
    {
      "published_at": "2025-11-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12060",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12060"
    },
    {
      "published_at": "2025-11-02",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-62230",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62230"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-58185",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58185"
    },
    {
      "published_at": "2025-10-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-58188",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58188"
    }
  ]
}

ghsa-mq84-hjqx-cwf2

Vulnerability from github

Published

2025-10-29 09:30

Modified

2025-10-29 16:04

Severity ?

5.9 (Medium) - CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L

Summary

Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery

Details

The Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF).

This vulnerability stems from the way the StringLookup layer is handled during model loading from a specially crafted .keras archive. The constructor for the StringLookup layer accepts a vocabulary argument that can specify a local file path or a remote file path.

Arbitrary Local File Read: An attacker can create a malicious .keras file that embeds a local path in the StringLookup layer's configuration. When the model is loaded, Keras will attempt to read the content of the specified local file and incorporate it into the model state (e.g., retrievable via get_vocabulary()), allowing an attacker to read arbitrary local files on the hosting system.
Server-Side Request Forgery (SSRF): Keras utilizes tf.io.gfile for file operations. Since tf.io.gfile supports remote filesystem handlers (such as GCS and HDFS) and HTTP/HTTPS protocols, the same mechanism can be leveraged to fetch content from arbitrary network endpoints on the server's behalf, resulting in an SSRF condition.

The security issue is that the feature allowing external path loading was not properly restricted by the safe_mode=True flag, which was intended to prevent such unintended data access.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "keras"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-12058"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502",
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-10-29T16:04:40Z",
    "nvd_published_at": "2025-10-29T09:15:35Z",
    "severity": "MODERATE"
  },
  "details": "The Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF).\n\n\nThis vulnerability stems from the way the StringLookup layer is handled during model loading from a specially crafted .keras archive. The constructor for the StringLookup layer accepts a vocabulary argument that can specify a local file path or a remote file path.\n\n  *  Arbitrary Local File Read: An attacker can create a malicious .keras file that embeds a local path in the StringLookup layer\u0027s configuration. When the model is loaded, Keras will attempt to read the content of the specified local file and incorporate it into the model state (e.g., retrievable via get_vocabulary()), allowing an attacker to read arbitrary local files on the hosting system.\n\n\n  *  Server-Side Request Forgery (SSRF): Keras utilizes tf.io.gfile for file operations. Since tf.io.gfile supports remote filesystem handlers (such as GCS and HDFS) and HTTP/HTTPS protocols, the same mechanism can be leveraged to fetch content from arbitrary network endpoints on the server\u0027s behalf, resulting in an SSRF condition.\n\n\nThe security issue is that the feature allowing external path loading was not properly restricted by the safe_mode=True flag, which was intended to prevent such unintended data access.",
  "id": "GHSA-mq84-hjqx-cwf2",
  "modified": "2025-10-29T16:04:40Z",
  "published": "2025-10-29T09:30:22Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/keras-team/keras/security/advisories/GHSA-qg93-c7p6-gg7f"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12058"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keras-team/keras/pull/21751"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keras-team/keras/commit/61ac8c1e51862c471dee7b49029c356f55531487"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/keras-team/keras"
    },
    {
      "type": "WEB",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12058"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery"
}

fkie_cve-2025-12058

Vulnerability from fkie_nvd

Published

2025-10-29 09:15

Modified

2025-10-30 15:03

Severity ?

5.9 (Medium) - CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L

Summary

References

	URL	Tags
	cve-coordination@google.com	https://github.com/keras-team/keras/pull/21751
	cve-coordination@google.com	https://github.com/keras-team/keras/security/advisories/GHSA-qg93-c7p6-gg7f

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF).\n\n\nThis vulnerability stems from the way the StringLookup layer is handled during model loading from a specially crafted .keras archive. The constructor for the StringLookup layer accepts a vocabulary argument that can specify a local file path or a remote file path.\n\n  *  Arbitrary Local File Read: An attacker can create a malicious .keras file that embeds a local path in the StringLookup layer\u0027s configuration. When the model is loaded, Keras will attempt to read the content of the specified local file and incorporate it into the model state (e.g., retrievable via get_vocabulary()), allowing an attacker to read arbitrary local files on the hosting system.\n\n\n  *  Server-Side Request Forgery (SSRF): Keras utilizes tf.io.gfile for file operations. Since tf.io.gfile supports remote filesystem handlers (such as GCS and HDFS) and HTTP/HTTPS protocols, the same mechanism can be leveraged to fetch content from arbitrary network endpoints on the server\u0027s behalf, resulting in an SSRF condition.\n\n\nThe security issue is that the feature allowing external path loading was not properly restricted by the safe_mode=True flag, which was intended to prevent such unintended data access."
    }
  ],
  "id": "CVE-2025-12058",
  "lastModified": "2025-10-30T15:03:13.440",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "HIGH",
          "attackRequirements": "PRESENT",
          "attackVector": "ADJACENT",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "LOW",
          "subConfidentialityImpact": "HIGH",
          "subIntegrityImpact": "LOW",
          "userInteraction": "PASSIVE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "LOW",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "LOW",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "cve-coordination@google.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-10-29T09:15:35.500",
  "references": [
    {
      "source": "cve-coordination@google.com",
      "url": "https://github.com/keras-team/keras/pull/21751"
    },
    {
      "source": "cve-coordination@google.com",
      "url": "https://github.com/keras-team/keras/security/advisories/GHSA-qg93-c7p6-gg7f"
    }
  ],
  "sourceIdentifier": "cve-coordination@google.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "cve-coordination@google.com",
      "type": "Secondary"
    }
  ]
}

msrc_cve-2025-12058

Vulnerability from csaf_microsoft

Published

2025-10-02 00:00

Modified

2025-10-31 01:03

Summary

Vulnerability in Keras Model.load_model Leading to Arbitrary Local File Loading and SSRF

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2025-12058 Vulnerability in Keras Model.load_model Leading to Arbitrary Local File Loading and SSRF - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-12058.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Vulnerability in Keras Model.load_model Leading to Arbitrary Local File Loading and SSRF",
    "tracking": {
      "current_release_date": "2025-10-31T01:03:15.000Z",
      "generator": {
        "date": "2025-11-04T20:08:19.286Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2025-12058",
      "initial_release_date": "2025-10-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-10-31T01:03:15.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              },
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "azl3 keras 3.3.3-4",
                "product": {
                  "name": "azl3 keras 3.3.3-4",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version_range",
                "name": "cbl2 keras 2.11.0-3",
                "product": {
                  "name": "cbl2 keras 2.11.0-3",
                  "product_id": "2"
                }
              }
            ],
            "category": "product_name",
            "name": "keras"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 keras 3.3.3-4 as a component of Azure Linux 3.0",
          "product_id": "17084-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 keras 2.11.0-3 as a component of CBL Mariner 2.0",
          "product_id": "17086-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "17086"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-12058",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "general",
          "text": "Google",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "known_affected": [
          "17084-1",
          "17086-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-12058 Vulnerability in Keras Model.load_model Leading to Arbitrary Local File Loading and SSRF - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-12058.json"
        }
      ],
      "remediations": [
        {
          "category": "none_available",
          "date": "2025-10-31T01:03:15.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17084-1"
          ]
        },
        {
          "category": "none_available",
          "date": "2025-10-31T01:03:15.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17086-2"
          ]
        }
      ],
      "title": "Vulnerability in Keras Model.load_model Leading to Arbitrary Local File Loading and SSRF"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-12058 (GCVE-0-2025-12058)

Vulnerability from cvelistv5

CERTFR-2025-AVI-0966

Vulnerability from certfr_avis

Solutions

ghsa-mq84-hjqx-cwf2

Vulnerability from github

fkie_cve-2025-12058

Vulnerability from fkie_nvd

msrc_cve-2025-12058

Vulnerability from csaf_microsoft

Tags

Sightings

Nomenclature