CVE-2025-23042

HighPublic PoC

Published: 14 January 2025

Published

14 January 2025

Modified

26 August 2025

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score 0.0010 27.2th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.

Security Summary

CVE-2025-23042 is a vulnerability in Gradio, an open-source Python package used for quickly building demos and web applications for machine learning models, APIs, or arbitrary Python functions. The flaw allows bypassing of Gradio's Access Control List (ACL) for file paths by altering the letter case of a blocked file or directory path. This occurs due to a lack of case normalization in the file path validation logic, enabling access to sensitive files on case-insensitive file systems such as those on Windows and macOS.

Unauthenticated attackers with network access can exploit this vulnerability with low attack complexity and no user interaction, as reflected in its CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Exploitation grants unauthorized access to protected files, leading to exposure of sensitive information and compromising the confidentiality of data served by Gradio applications.

The Gradio security advisory (GHSA-j2jg-fq62-7c3h) states that the issue has been fixed in release version 5.6.0, and users are advised to upgrade immediately. No workarounds are available.

Gradio's widespread use in machine learning and AI web applications heightens the risk of this vulnerability in production environments, where it is classified under CWE-285 (Improper Authorization). No real-world exploitation has been reported.

Details

CWE(s): CWE-285

Affected Products

gradio project

gradio

≤ 5.6.0

AI Security Analysis

AI Category: APIs and Models
Risk Domain: Privacy and Disclosure
OWASP Top 10 for LLMs 2025: None mapped
MITRE ATLAS Techniques: None mapped
Classification Reason: Gradio is an open-source platform for building web demos and applications specifically for machine learning models and AI, making it AI-related under 'Other Platforms'. The vulnerability affects its file path ACL in demo deployments.

MITRE ATT&CK Enterprise Techniques

T1005 Data from Local System Collection

Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

attack.mitre.org →

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1552.001 Credentials In Files Credential Access

Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.

attack.mitre.org →

Why these techniques?

CVE-2025-23042 enables bypassing Gradio's file ACL via case manipulation on case-insensitive FS, facilitating exploitation of public-facing web apps (T1190) for unauthorized local file access (T1005) and credential theft from files (T1552.001).

References

https://github.com/gradio-app/gradio/security/advisories/GHSA-j2jg-fq62-7c3h
Exploit, Mitigation, Third Party Advisory · security-advisories@github.com