
Volume 332, Issue 1 · IT Vendor News · Zscaler

Zscaler Discovers Vulnerability in Keras Models Allowing Arbitrary File Access and SSRF (CVE-2025-12058)

Zscaler, Tuesday, November 4th, 2025

Zscaler uncovered a vulnerability in Keras that exposed AI and machine learning environments to file access and network exploitation risks, highlighting the urgent need to secure the AI model supply chain. Through responsible disclosure and ongoing research, Zscaler helps enterprises stay protected from emerging AI threats with a Zero Trust approach.

Key Takeaways

Technical analysis of CVE-2025-12058: root cause analysis of the Keras model vulnerability, its attack vectors, and the disclosure details.

> AI models increasingly introduce new security risks. Even trusted frameworks can contain flaws that expose data or systems and become attack vectors.

> Research and disclosure make AI safer. Transparent information sharing of CVEs and other key discoveries is a critical safety component across the open-source and security communities.

> Securing the AI supply chain is essential. Enterprises must verify the integrity of models, code, and data sources to prevent compromise through AI.

> Zero Trust principles extend to AI. The same verification principles that protect users and apps also apply to AI.

> Zscaler is leading in AI security. Our research and technology help organizations embrace transformation and use AI safely.
