Medium severity6.1GHSA Advisory· Published Oct 30, 2025· Updated Apr 15, 2026

CVE-2025-50736

Description

An open redirect vulnerability exists in Byaidu PDFMathTranslate v1.9.9 that allows attackers to craft URLs that cause the application to redirect users to arbitrary external websites via the file parameter to the /gradio_api endpoint. This vulnerability could be exploited for phishing attacks or to bypass security filters.

Affected products

Byaidu/PdfmathtranslateGHSA
Range: = 1.9.9

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-pfrv-63w8-q7rqghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-50736ghsaADVISORY
github.com/fai1424/Vulnerability-Research/tree/main/CVE-2025-50736nvdWEB
hackmd.io/@fai1424/SJz7ttVWxeghsaWEB
pdf2zh.comghsaWEB
pdf2zh.comnvd

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000