CVE-2025-0187

High CVSS: 7.5

A Denial of Service (DoS) vulnerability was discovered in the file upload feature of gradio-app/gradio version 0.39.1. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large filename, the server becomes overwhelmed and unresponsive, leading to unavailability for legitimate users.

Vendor

Gradio Project

Product

Gradio

CWE

CWE-400

Yayın Tarihi

2025-03-20 10:15:51

Güncelleme

2025-08-01 18:09:31

Source Identifier

security@huntr.dev

KEV Date Added

Kategoriler

CWE-400 Gradio HIGH Gradio Project 2025

Referanslar

https://huntr.com/bounties/77f3ed54-9e1c-4d9f-948f-ee6f82e2fe24

Benzer Kayıtlar

High

CVE-2026-28414

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Win…

Medium

CVE-2026-28415

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the _redirect_to_target(…

High

CVE-2026-28416

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Fo…

Unknown

CVE-2026-27167

Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 and prior to version…

Medium

CVE-2025-48889

Gradio is an open-source Python package that allows quick building of demos and web application for machine learning mod…

Medium

CVE-2024-8021

An open redirect vulnerability exists in the latest version of gradio-app/gradio. The vulnerability allows an attacker t…