CVE-2021-43831
HIGH NUCLEIgradio < 2.5.0 - Unauthenticated Path Traversal
Title source: llmExploitation Summary
CVE-2021-43831 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
Gradio is an open source framework for building interactive machine learning models and demos. In versions prior to 2.5.0 there is a vulnerability that affects anyone who creates and publicly shares Gradio interfaces. File paths are not restricted and users who receive a Gradio link can access any files on the host computer if they know the file names or file paths. This is limited only by the host operating system. Paths are opened in read only mode. The problem has been patched in gradio 2.5.0.
Nuclei Templates (1)
Gradio < 2.5.0 - Arbitrary File Read
HIGHby isacaya
Shodan:
title:"Gradio"
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_confirm
https://github.com/gradio-app/gradio/security/advisories/GHSA-rhq2-3vr9-6mcr
Patch, Third Party Advisory x_refsource_misc
https://github.com/gradio-app/gradio/commit/41bd3645bdb616e1248b2167ca83636a2653f781
Scores
CVSS v3
7.7
EPSS
0.0379
EPSS Percentile
88.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (2)
gradio_project/gradio
< 2.5.0
pypi/gradio
0 - 2.5.0PyPI
Published
Dec 15, 2021
Tracked Since
Feb 18, 2026