CVE-2024-4325
Published: 06 June 2024
Summary
CVE-2024-4325 is a high-severity SSRF (CWE-918) vulnerability in Gradio Project Gradio. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 1.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Other Platforms; in the Other ATLAS/OWASP Terms risk domain.
Deeper analysis
A Server-Side Request Forgery (SSRF) vulnerability exists in Gradio version 4.21.0 within the /queue/join endpoint and the save_url_to_cache function. The flaw stems from insufficient validation of a user-supplied path value that is directly used to perform HTTP requests, enabling interaction with arbitrary destinations.
An unauthenticated remote attacker can exploit the issue over the network by submitting crafted requests that reach internal network resources or the AWS metadata endpoint. Successful exploitation yields high-impact confidentiality exposure on affected systems, with changed scope as reflected in the CVSS 8.6 rating.
The vulnerability is tracked under CWE-918 and carries an EPSS score of 0.6509. Gradio's widespread use for building machine-learning interfaces makes the finding relevant to AI/ML deployments.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-1995
Vulnerability details
A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the `/queue/join` endpoint and the `save_url_to_cache` function. The vulnerability arises when the `path` value, obtained from the user and expected to be a URL, is used…
more
to make an HTTP request without sufficient validation checks. This flaw allows an attacker to send crafted requests that could lead to unauthorized access to the local network or the AWS metadata endpoint, thereby compromising the security of internal servers.
- CWE(s)
AI Security AnalysisAI
- AI Category
- Other Platforms
- Risk Domain
- Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Gradio is an open-source Python library/platform for creating web UIs and interfaces for machine learning models, commonly used in AI/ML demos and deployments, making it AI-related under Other Platforms.
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SSRF in public-facing Gradio web app (T1190) allows unauthorized requests to internal local network and AWS metadata endpoint, enabling cloud instance metadata discovery (T1522) and unsecured credential access (T1552.005).
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Penetration testing attempts server-side requests to internal resources, identifying SSRF weaknesses for remediation.
Outbound connections to external resources can be monitored and limited at the boundary, reducing SSRF impact.
Validates server-side URLs and resource references to block SSRF attempts.
Detects server-side request forgery through monitoring of unexpected outbound connections.