CVE-2025-5320 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function is_valid_origin of the component CORS Hand…
Medium CVSS: 6.3

CVE-2025-5320

A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function is_valid_origin of the component CORS Handler. The manipulation of the argument localhost_aliases leads to erweiterte Rechte. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Vendor
-
Product
-
CWE
CWE-345
Yayın Tarihi
2025-05-29 14:15:38
Güncelleme
2025-06-01 05:15:19
Source Identifier
cna@vuldb.com
KEV Date Added
-

Kategoriler

CWE-345 MEDIUM 2025

Referanslar

https://gist.github.com/superboy-zjc/aa3dfa161d7b19d8a53ab4605792f2fe https://gist.github.com/superboy-zjc/aa3dfa161d7b19d8a53ab4605792f2fe#proof-of-concept-poc https://vuldb.com/?ctiid.310491 https://vuldb.com/?id.310491 https://vuldb.com/?submit.580250