CVE-2025-48889
published 2025-05-30


Priority: P3 (47)
CVSS 3.1: 7.5 (high), vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.61% (44.7th percentile)
Gradio is an open-source Python package that allows quick building of demos and web applications for machine learning models, APIs, or any arbitrary Python function. Prior to version 5.31.0, an arbitrary file copy vulnerability in Gradio's flagging feature allows unauthenticated attackers to copy any readable file from the server's filesystem. While attackers cannot read the copied files, they can cause a denial of service by copying large files (such as /dev/urandom) to fill disk space. This issue has been patched in version 5.31.0.

Affected (3 ranges)

Vendor           Product   Version range         Fixed in
gradio-app       gradio    < 5.31.0              5.31.0
gradio_project   gradio    >= 0 < 5.31.0         5.31.0
gradio_project   gradio    >= 5.25.2 < 5.31.0    5.31.0