Low severity3.7NVD Advisory· Published May 29, 2025· Updated Apr 15, 2026

CVE-2025-5320

Description

A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function is_valid_origin of the component CORS Handler. The manipulation of the argument localhost_aliases leads to erweiterte Rechte. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
gradioPyPI	>= 5.0.0, <= 5.29.1	—

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-wmjh-cpqj-4v6xghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-5320ghsaADVISORY
gist.github.com/superboy-zjc/aa3dfa161d7b19d8a53ab4605792f2fenvdWEB
gist.github.com/superboy-zjc/aa3dfa161d7b19d8a53ab4605792f2fenvdWEB
vuldb.comnvdWEB
vuldb.comnvdWEB
vuldb.comnvdWEB

News mentions

No linked articles in our index yet.

cvss	0.240
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000