Description
Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Prior to version 5.31.0, an arbitrary file copy vulnerability in Gradio's flagging feature allows unauthenticated attackers to copy any readable file from the server's filesystem. While attackers can't read these copied files, they can cause DoS by copying large files (like /dev/urandom) to fill disk space. This issue has been patched in version 5.31.0.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_confirm
https://github.com/gradio-app/gradio/security/advisories/GHSA-8jw3-6x8j-v96g
Scores
CVSS v3
5.3
EPSS
0.0147
EPSS Percentile
81.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-434
Status
published
Products (2)
gradio_project/gradio
5.25.2 - 5.31.0
pypi/gradio
0 - 5.31.0PyPI
Published
May 30, 2025
Tracked Since
Feb 18, 2026