CVE-2025-48889
Published 2025-05-30
Priority P3 · 47 · High · CVSS 3.1 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS 0.61% (44.7th percentile)
Gradio is an open-source Python package that allows quick building of demos and web applications for machine learning models, APIs, or any arbitrary Python function. Prior to version 5.31.0, an arbitrary file copy vulnerability in Gradio's flagging feature allows unauthenticated attackers to copy any file readable by the server process to a location on the server's filesystem. While attackers can't read the copied files, they can cause a denial of service by copying large or unbounded sources (such as /dev/urandom, which never reaches end-of-file) to fill disk space. This issue has been patched in version 5.31.0.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gradio-app | gradio | < 5.31.0 | 5.31.0 |
| gradio_project | gradio | >= 0 < 5.31.0 | 5.31.0 |
| gradio_project | gradio | >= 5.25.2 < 5.31.0 | 5.31.0 |
GHSA
Gradio Allows Unauthorized File Copy via Path Manipulation
ghsa·2025-05-29
CVE-2025-48889 [MEDIUM] CWE-434 Gradio Allows Unauthorized File Copy via Path Manipulation
An arbitrary file copy vulnerability in Gradio's flagging feature allows unauthenticated attackers to copy any readable file from the server's filesystem. While attackers can't read these copied files, they can cause DoS by copying large files (like /dev/urandom) to fill disk space.
### Description
The flagging component doesn't properly validate file paths before copying files. Attackers can send specially crafted requests to the `/gradio_api/run/predict` endpoint to trigger these file copies.
**Source**: User-controlled `path` parameter in the flagging functionality JSON payload
**Sink**: `shutil.copy` operation in `FileData._copy_to_dir()` method
The vulnerable code flow:
1. A JSON payload is sent to the `/gradio_api/run/pre
OSV
Gradio Allows Unauthorized File Copy via Path Manipulation
osv·2025-05-29
CVE-2025-48889 [MEDIUM] Gradio Allows Unauthorized File Copy via Path Manipulation
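The GHSA and OSV records above describe the flow as a client-controlled `path` reaching `shutil.copy` with no validation. As an added illustration (this is not Gradio's code and not the patch shipped in 5.31.0), the Python below puts that pattern next to a hardened variant. `copy_to_dir_unsafe`, `copy_to_dir_safe`, `FlaggingPathError`, the `max_bytes` limit and the temporary directory layout in `demo()` are all constructed for this example; only the `/dev/urandom` case comes from the advisory text.

```python
import os
import shutil
import tempfile


class FlaggingPathError(ValueError):
    """Raised when a client-supplied path fails validation (hypothetical name)."""


def copy_to_dir_unsafe(path: str, dest_dir: str) -> str:
    """The pattern the advisory describes: the client-controlled path goes
    straight into shutil.copy. Any readable file is accepted, including
    /dev/urandom, which never hits EOF and so fills the disk.
    Illustrative reconstruction, not Gradio's implementation."""
    os.makedirs(dest_dir, exist_ok=True)
    return shutil.copy(path, dest_dir)


def copy_to_dir_safe(path: str, dest_dir: str, allowed_roots,
                     max_bytes: int = 100 * 2**20) -> str:
    """Hardened variant (illustrative). Three checks before copying:
    1. the path, after resolving symlinks and '..', lies under an allowed root;
    2. it is a regular file, which rejects /dev/urandom, directories and FIFOs;
    3. its size is bounded, so even a permitted file cannot fill the disk."""
    real = os.path.realpath(path)
    roots = [os.path.realpath(r) for r in allowed_roots]
    if not any(os.path.commonpath([real, root]) == root for root in roots):
        raise FlaggingPathError(f"{path!r} resolves outside the allowed directories")
    if not os.path.isfile(real):  # follows symlinks; False for device nodes
        raise FlaggingPathError(f"{path!r} is not a regular file")
    if os.path.getsize(real) > max_bytes:
        raise FlaggingPathError(f"{path!r} exceeds {max_bytes} bytes")
    os.makedirs(dest_dir, exist_ok=True)
    # Name the copy after the resolved file, so the client string cannot
    # steer the destination either.
    dest = os.path.join(dest_dir, os.path.basename(real))
    shutil.copy(real, dest)
    return dest


def demo() -> dict:
    """Constructed scenario, created on the fly: an upload directory the app
    owns, a secret outside it, an oversized file inside it, and the
    /dev/urandom string from the advisory. Returns one outcome per attempt."""
    outcomes = {}
    with tempfile.TemporaryDirectory() as work:
        uploads = os.path.join(work, "uploads")
        flagged = os.path.join(work, "flagged")
        os.makedirs(uploads)
        legit = os.path.join(uploads, "sample.txt")
        with open(legit, "w") as fh:
            fh.write("hello\n")
        secret = os.path.join(work, "secret.txt")
        with open(secret, "w") as fh:
            fh.write("top secret\n")
        big = os.path.join(uploads, "big.bin")
        with open(big, "wb") as fh:
            fh.write(b"\0" * 4096)

        attempts = {
            "legit": legit,
            "traversal": os.path.join(uploads, "..", "secret.txt"),
            "device": "/dev/urandom",
            "oversized": big,
        }
        for name, candidate in attempts.items():
            try:
                copy_to_dir_safe(candidate, flagged, [uploads], max_bytes=1024)
                outcomes[name] = "copied"
            except FlaggingPathError:
                outcomes[name] = "blocked"

        # The unsafe variant copies the traversal path without complaint. The
        # device path is deliberately not tried here: it would run until the
        # disk is full, which is exactly the DoS the advisory describes.
        copied = copy_to_dir_unsafe(attempts["traversal"], os.path.join(work, "unsafe"))
        outcomes["unsafe_traversal"] = "copied" if os.path.exists(copied) else "failed"
    return outcomes


if __name__ == "__main__":
    for attempt, outcome in demo().items():
        print(f"{attempt:>16}: {outcome}")
```

The regular-file check alone closes the `/dev/urandom` vector; the root check is what stops copies of arbitrary readable files, and the size cap is the remaining defence against an attacker who can place a large file inside a permitted directory. `os.path.realpath` is used before both checks so that a symlink or `..` in the client string is judged by where it actually points.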
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Security firms dispute credit for overlapping CVE reports
blogs_bleepingcomputer·2025-10-14·CVSS 5.3
[MEDIUM] Security firms dispute credit for overlapping CVE reports
## Security firms dispute credit for overlapping CVE reports
By Ax Sharma
Cybersecurity company FuzzingLabs has accused the Y Combinator-backed startup, Gecko Security, of replicating its vulnerability disclosures and backdating blog posts.
According to the company, Gecko filed CVEs for two vulnerabilities that FuzzingLabs previously disclosed, and even "copied the PoCs, re-submitted them, and took the credit."
Gecko Security has denied any wrongdoing, calling the allegations a misunderstanding over disclosure processes.
## FuzzingLabs cries foul
A public dispute has erupted between two cybersecurity startups, FuzzingLabs and Gecko Security, after the former accused the Y Combinator-backed firm of copying its vulnerability discoveries and claiming credit for multiple CVE IDs.
"They
Wiz
CVE-2026-28414 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2026-28414 [MEDIUM] CVE-2026-28414 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-28414: Gradio vulnerability analysis and mitigation
(description fragments only: `os.path.isabs`, `/windows/win.ini`)
Source: NVD
Score 7.5 (CNA score 7.5), severity HIGH, published February 27, 2026
Affected technologies: Gradio
Has public exploit: Yes · In CISA KEV: No (release date N/A, due date N/A)
EPSS 1.3 (79.3rd percentile)
Affected packages and libraries: gradio
Sources: NVD; pip: severity HIGH, has fix, added Mar 02, 2026
## Related Gradio vulnerabilities:
| CVE ID | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date |
|---|---|---|---|---|---|---|---|
| CVE-2026-28 | | | | | | | |
Wiz
CVE-2026-28415 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2026-28415 [MEDIUM] CVE-2026-28415 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-28415: Gradio vulnerability analysis and mitigation
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the `_redirect_to_target()` function in Gradio's OAuth flow accepts an unvalidated `_target_url` query parameter, allowing redirection to arbitrary external URLs. This affects the `/logout` and `/login/callback` endpoints on Gradio apps with OAuth enabled (i.e. apps running on Hugging Face Spaces with `gr.LoginButton`). Starting in version 6.6.0, the `_target_url` parameter is sanitized to only use the path, query, and fragment, stripping any scheme or host.
Source: NVD
Score 4.7 (CNA score 4.3), severity MEDIUM, published February 27, 2026
Affected technologies: Gradio
Has public exploit: No · In CISA KEV: No
CISA KEV Relea
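The CVE-2026-28415 entry above describes the fix as reducing `_target_url` to its path, query and fragment. The following Python is an added example of that kind of sanitizer, written for this page and not taken from Gradio; `safe_relative_target`, `demo()` and the attacker-style inputs are constructed. It goes one step beyond the entry's wording by also handling two inputs that survive a naive "drop scheme and host" step: a backslash-prefixed host (`/\evil.example`, which browsers read as a scheme-relative URL) and CR/LF characters aimed at the `Location` header.

```python
from urllib.parse import urlsplit


def safe_relative_target(target_url: str, default: str = "/") -> str:
    """Reduce a client-supplied redirect target to a same-origin relative URL.

    Keeps path, query and fragment; drops scheme, host and userinfo. This is
    illustrative hardening modelled on the behaviour the CVE-2026-28415 entry
    describes for 6.6.0; it is not Gradio's code.
    """
    if not target_url:
        return default
    # CR/LF or other control bytes could inject headers into the redirect
    # response; refuse the whole value rather than try to clean it.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target_url):
        return default
    # Browsers treat backslashes as slashes, so "/\evil.example" is a
    # scheme-relative URL to the browser even though urlsplit() sees a path.
    candidate = target_url.replace("\\", "/")
    parts = urlsplit(candidate)
    # Force exactly one leading slash: a leftover "//..." path would again be
    # read as host-relative, and a bare path such as "alert(1)" from
    # "javascript:alert(1)" becomes a harmless same-origin path.
    location = "/" + parts.path.lstrip("/")
    if parts.query:
        location += "?" + parts.query
    if parts.fragment:
        location += "#" + parts.fragment
    return location


def demo() -> dict:
    """Constructed values an attacker might pass as _target_url, mapped to
    the location the sanitizer would redirect to."""
    samples = [
        "/settings?tab=2#top",                  # legitimate, kept verbatim
        "https://evil.example/phish?x=1",       # absolute external URL
        "//evil.example/phish",                 # scheme-relative
        "/\\evil.example/x",                    # backslash host trick
        "https://good.example@evil.example/",   # userinfo confusion
        "/x\r\nLocation: http://evil.example",  # header injection attempt
        "javascript:alert(1)",                  # non-http scheme
        "",
    ]
    return {s: safe_relative_target(s) for s in samples}


if __name__ == "__main__":
    for raw, safe in demo().items():
        print(f"{raw!r:45} -> {safe!r}")
```

Every result begins with a single `/` and carries no scheme or authority, so the redirect can only land on the issuing origin; callers still need to compose it with the app's own base path if the app is mounted under a prefix.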
Wiz
CVE-2026-27167 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2026-27167 [MEDIUM] CVE-2026-27167 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27167: Gradio vulnerability analysis and mitigation
(description fragments only: `gr.LoginButton`, `/login/huggingface`, `huggingface_hub.get_token()`, `"-v4"`)
Source: NVD
Score 5.9 (CNA score N/A), severity MEDIUM, published February 27, 2026
Affected technologies: Gradio
Has public exploit: Yes · In CISA KEV: No (release date N/A, due date N/A)
EPSS N/A (5.5th percentile)
Affected packages and libraries: gradio
Sources: NVD; pip: severity LOW, has fix, added Mar 02, 2026
Wiz
CVE-2026-28416 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2026-28416 [MEDIUM] CVE-2026-28416 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-28416: Gradio vulnerability analysis and mitigation
(description fragments only: `gr.load()`, `proxy_url`)
Source: NVD
Score 8.6 (CNA score 8.2), severity HIGH, published February 27, 2026
Affected technologies: Gradio
Has public exploit: No · In CISA KEV: No (release date N/A, due date N/A)
EPSS N/A (4.1st percentile)
Affected packages and libraries: gradio
Sources: NVD; pip: severity HIGH, has fix, added Mar 02, 2026
## Related Gradio vulnerabilities:
| CVE ID | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date |
|---|---|---|---|---|---|---|---|
| CVE-2026-28416 | HIGH | 8. | | | | | |