CVE-2024-55459
📋 TL;DR
A vulnerability in Keras 3.7.0 allows attackers to write arbitrary files to a user's machine by exploiting the get_file function with a malicious tar archive. This affects any application using Keras 3.7.0 that downloads files via get_file. Users who download files from untrusted sources are particularly vulnerable.
💻 Affected Systems
- Keras
📦 What is this software?
Keras by Keras
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through arbitrary file writes leading to remote code execution, data theft, or ransomware deployment.
Likely Case
Local file system corruption, data loss, or malware installation through crafted tar files.
If Mitigated
Limited impact if file downloads are restricted to trusted sources and proper file validation is implemented.
🎯 Exploit Status
Exploitation requires tricking users into downloading malicious tar files or compromising file sources. No authentication is needed once the malicious file is processed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.7.1 or later
Vendor Advisory: https://github.com/keras-team/keras
Restart Required: No
Instructions:
1. Update Keras using pip: pip install --upgrade keras
2. Verify installation: pip show keras
3. Ensure version is 3.7.1 or higher
🔧 Temporary Workarounds
Disable tar file downloads
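Modify code to avoid using get_file with tar archives or implement custom validation.
# In Python code, add validation before get_file calls
from urllib.parse import urlparse
import keras

def safe_get_file(url, extract=True):
    # Check the URL path only, so a query string cannot hide the extension
    path = urlparse(url).path.lower()
    if path.endswith(('.tar', '.tar.gz', '.tgz')):
        raise ValueError('Tar downloads disabled due to CVE-2024-55459')
    return keras.utils.get_file(origin=url, extract=extract)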
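Where tar archives cannot be avoided, the "custom validation" mentioned above can be a check of every archive member before anything is extracted, refusing the whole archive if a member would be written outside the destination directory. This is an added example, not Keras code and not part of the original advisory; `unsafe_members`, `safe_extract` and `build_sample` are hypothetical names, and the sample archive is constructed in memory.

```python
import io
import os
import tarfile

def unsafe_members(tar, dest):
    """Names of members that are links/devices or resolve outside dest."""
    root = os.path.realpath(dest)
    bad = []
    for m in tar.getmembers():
        # Absolute names and '..' components both resolve outside root here.
        target = os.path.realpath(os.path.join(root, m.name))
        inside = target == root or target.startswith(root + os.sep)
        if not inside or m.issym() or m.islnk() or m.isdev():
            bad.append(m.name)
    return bad

def safe_extract(archive_bytes, dest):
    """Extract only when every member is a plain file or directory inside dest."""
    with tarfile.open(fileobj=io.BytesIO(archive_bytes)) as tar:
        bad = unsafe_members(tar, dest)
        if bad:
            raise ValueError(f"refusing to extract, unsafe members: {bad}")
        # Use the stdlib 'data' extraction filter as a second layer where available.
        extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(dest, **extra)
    return sorted(os.listdir(dest))

def build_sample(names):
    """Constructed sample archive (in memory) used to exercise the check."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            data = b"sample"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

if __name__ == "__main__":
    import tempfile
    ok = build_sample(["model/weights.bin"])
    print(safe_extract(ok, tempfile.mkdtemp()))
```

To use it with Keras, download with extract=False and pass the downloaded file's bytes to `safe_extract` instead of letting get_file unpack the archive.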
🧯 If You Can't Patch
- Restrict get_file usage to trusted, verified sources only
- Implement file hash verification for all downloaded files
🔍 How to Verify
Check if Vulnerable:
Check the Keras version: python -c "import keras; print(keras.__version__)". If the output is 3.7.0, the system is vulnerable.
Check Version:
python -c "import keras; print(keras.__version__)"
Verify Fix Applied:
After updating, verify that the version is 3.7.1 or higher using the same command.
📡 Detection & Monitoring
Log Indicators:
- Unusual file write operations in system logs
- Errors from get_file function with tar files
Network Indicators:
- Downloads of tar files to Keras applications from unusual sources
SIEM Query:
source="application.log" AND "get_file" AND ".tar" AND ("error" OR "exception")