PYSEC-2025-119

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/gradio/PYSEC-2025-119.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2025-119
Aliases
Published
2025-05-30T06:15:28.500Z
Modified
2026-05-20T09:19:01.899868Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

Gradio is an open-source Python package for quickly building demos and web applications for machine learning models, APIs, or any arbitrary Python function. Prior to version 5.31.0, an arbitrary file copy vulnerability in Gradio's flagging feature allows unauthenticated attackers to copy any readable file from the server's filesystem. While attackers can't read these copied files, they can cause a denial of service (DoS) by copying large files (like /dev/urandom) to fill disk space. This issue has been patched in version 5.31.0.

References

Affected packages

PyPI / gradio

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.25.2
Fixed
5.31.0

Affected versions

5.*
5.25.2
5.26.0
5.27.0
5.27.1
5.28.0
5.29.0
5.29.1
5.30.0

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/gradio/PYSEC-2025-119.yaml"