CVE-2025-23042
Gradio Blocked Path ACL Bypass Vulnerability
In short
Gradio's file access control (its list of blocked paths) can be bypassed on Windows and macOS by changing the letter case of a blocked file or directory path. Those file systems treat "secrets" and "SECRETS" as the same directory, but the check compares them as different strings, so an attacker can read files that should be protected.
Technical detail
Gradio's ACL validation does not normalize case before comparing a requested path against the blocked list. On case-insensitive file systems (Windows, macOS) a request that differs from a blocked path only in letter case fails the string comparison yet resolves to the blocked file, so the restriction is bypassed. Exploitation requires network access to the Gradio application's file-serving endpoint and yields unauthorized read access to files the deployer marked as blocked; the CVSS vector rates the confidentiality impact high with no integrity or availability impact.
Summary generated and translated by AI from the official description.
Gradio is an open-source Python package that allows quick building of demos and web applications for machine learning models, APIs, or any arbitrary Python function. Gradio's Access Control List (ACL) for file paths can be bypassed by altering the letter case of a blocked file or directory path. This vulnerability arises due to the lack of case normalization in the file path validation logic. On case-insensitive file systems, such as those used by Windows and macOS, this flaw enables attackers to circumvent security restrictions and access sensitive files that should be protected. This issue can lead to unauthorized data access, exposing sensitive information and undermining the integrity of Gradio's security model. Given Gradio's popularity for building web applications, particularly in machine learning and AI, this vulnerability may pose a substantial threat if exploited in production environments. This issue has been addressed in release version 5.6.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
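The following is an added illustration of the flaw class described above; it is not Gradio's code and not the 5.6.0 patch. It places a naive blocked-path check (normalizes ".." but compares exact case) beside two hardened variants: a string check that folds case when the file system ignores it, and a file-system-aware check that asks the OS whether any ancestor of the requested path is the blocked directory. All paths, the blocked list and the temporary file tree are constructed for the example; ntpath is used so the Windows behaviour can be reproduced on any host.

```python
"""Case-variant blocked-path bypass: a naive string check next to two
hardened checks.  Added illustration, not Gradio's implementation; every
path and the blocked list are constructed for the example."""
import ntpath
import os
import posixpath
import tempfile


def _is_within(child, parent, pathmod):
    """True when child equals parent or lies below it (both already normalized)."""
    parent = parent.rstrip(pathmod.sep)
    return child == parent or child.startswith(parent + pathmod.sep)


def is_blocked_naive(requested, blocked, pathmod=posixpath):
    """Vulnerable pattern: collapses '..' segments but compares with exact case,
    so on a case-insensitive file system 'SECRETS' slips past a block on 'secrets'."""
    req = pathmod.normpath(requested)
    return any(_is_within(req, pathmod.normpath(b), pathmod) for b in blocked)


def is_blocked_casefolded(requested, blocked, pathmod=posixpath,
                          case_insensitive=False):
    """Hardened string check: fold case before comparing when the file system
    ignores case.  ntpath.normcase already lowercases, but posixpath.normcase is
    the identity even on macOS, so the fold is done explicitly."""
    def norm(p):
        p = pathmod.normpath(p)
        return p.casefold() if case_insensitive else p
    req = norm(requested)
    return any(_is_within(req, norm(b), pathmod) for b in blocked)


def is_blocked_on_disk(requested, blocked):
    """File-system-aware check: resolve symlinks, then walk the ancestors of the
    requested path and ask the OS (device/inode via samefile) whether any of them
    is a blocked directory.  Spelling variants that the file system maps to the
    same directory are caught without guessing its case rules."""
    targets = [os.path.realpath(b) for b in blocked if os.path.exists(b)]
    cur = os.path.realpath(requested)
    while True:
        if os.path.exists(cur) and any(os.path.samefile(cur, t) for t in targets):
            return True
        parent = os.path.dirname(cur)
        if parent == cur:          # reached the root without a match
            return False
        cur = parent


def demo_string_checks():
    """Constructed Windows- and macOS-style requests against a blocked directory."""
    win_blocked = [r"C:\app\secrets"]
    win_attack = r"C:\app\Secrets\..\SECRETS\key.pem"     # constructed sample
    mac_blocked = ["/srv/app/secrets"]
    mac_attack = "/srv/app/SECRETS/key.pem"                # constructed sample
    return {
        "windows_naive": is_blocked_naive(win_attack, win_blocked, ntpath),
        "windows_casefolded": is_blocked_casefolded(win_attack, win_blocked,
                                                    ntpath, case_insensitive=True),
        "macos_naive": is_blocked_naive(mac_attack, mac_blocked, posixpath),
        "macos_casefolded": is_blocked_casefolded(mac_attack, mac_blocked,
                                                  posixpath, case_insensitive=True),
        # Exact-case request: even the naive check catches this one.
        "exact_case_naive": is_blocked_naive("/srv/app/secrets/key.pem",
                                             mac_blocked, posixpath),
    }


def demo_on_disk():
    """Build a throwaway tree and probe it with a case variant; whether the
    variant is blocked tracks whether the host file system ignores case."""
    with tempfile.TemporaryDirectory() as root:
        secrets = os.path.join(root, "secrets")
        os.mkdir(secrets)
        key = os.path.join(secrets, "key.pem")
        with open(key, "w") as fh:
            fh.write("constructed sample, not a real key\n")
        fs_ignores_case = os.path.isdir(os.path.join(root, "SECRETS"))
        return {
            "exact": is_blocked_on_disk(key, [secrets]),
            "outside": is_blocked_on_disk(os.path.join(root, "public", "index.html"),
                                          [secrets]),
            "variant": is_blocked_on_disk(os.path.join(root, "SECRETS", "key.pem"),
                                          [secrets]),
            "fs_ignores_case": fs_ignores_case,
        }


if __name__ == "__main__":
    print(demo_string_checks())
    print(demo_on_disk())
```

Running it shows the naive check returning False for the case variants on both the Windows-style and macOS-style paths while the case-folded check returns True. Two caveats for anyone writing such a check: fold case only when the file system really ignores it, because folding an allowlist on a case-sensitive Linux host would admit a genuinely different directory; and prefer the on-disk comparison where the paths exist, since it also handles symlinks and leaves the case question to the operating system. Per the advisory, the fix for Gradio itself is to upgrade to 5.6.0.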
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
gradio-app · gradio