A path traversal vulnerability in Keras versions prior to 3.14.0 poses a high risk of arbitrary file system modification and potential remote code execution.

The vulnerability exists within archive extraction utilities that fail to properly validate member paths against the intended extraction destination. This allows an attacker to perform path traversal, writing files to arbitrary locations outside the designated directory.

The exploitation of this flaw could lead to the overwriting of critical configuration files, injection of malicious code into machine learning pipelines, or corruption of sensitive datasets. Given the CVSS score of 8.1, this vulnerability represents a significant threat to the integrity and availability of production environments relying on Keras.

Immediate Action: Update all instances of Keras to version 3.14.0 or later to ensure the path validation logic is correctly implemented.

Proactive Monitoring: Monitor file system activity logs for unexpected write operations in directories outside of defined application extraction paths.

Compensating Controls: Utilize containerization or sandboxing with strict read-only file system permissions for non-essential directories to limit the scope of potential file overwrites.

Public Exploit Available: true

Due to the high severity score and the existence of public exploit code, organizations should prioritize patching Keras to version 3.14.0 immediately. Failure to remediate could allow an attacker to gain unauthorized control over application configurations or manipulate machine learning model outputs.