Cyber Resilience

CVE-2025-23042

HighPublic PoC

Published: 14 January 2025

Published
14 January 2025
Modified
26 August 2025
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0014 33.1th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-23042 is a high-severity Improper Authorization (CWE-285) vulnerability in Gradio Project Gradio. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 33.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as Other Platforms; in the Privacy and Disclosure risk domain.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-23042 is a vulnerability in Gradio, an open-source Python package used for quickly building demos and web applications for machine learning models, APIs, or arbitrary Python functions. The flaw allows bypassing of Gradio's Access Control List (ACL) for file paths by altering the letter case of a blocked file or directory path. This occurs due to a lack of case normalization in the file path validation logic, enabling access to sensitive files on case-insensitive file systems such as those on Windows and macOS.

Unauthenticated attackers with network access can exploit this vulnerability with low attack complexity and no user interaction, as reflected in its CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Exploitation grants unauthorized access to protected files, leading to exposure of sensitive information and compromising the confidentiality of data served by Gradio applications.

The Gradio security advisory (GHSA-j2jg-fq62-7c3h) states that the issue has been fixed in release version 5.6.0, and users are advised to upgrade immediately. No workarounds are available.

Gradio's widespread use in machine learning and AI web applications heightens the risk of this vulnerability in production environments, where it is classified under CWE-285 (Improper Authorization). No real-world exploitation has been reported.

EU & UK References

Vulnerability details

Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Gradio's Access Control List (ACL) for file paths can be bypassed by altering the letter…

more

case of a blocked file or directory path. This vulnerability arises due to the lack of case normalization in the file path validation logic. On case-insensitive file systems, such as those used by Windows and macOS, this flaw enables attackers to circumvent security restrictions and access sensitive files that should be protected. This issue can lead to unauthorized data access, exposing sensitive information and undermining the integrity of Gradio's security model. Given Gradio's popularity for building web applications, particularly in machine learning and AI, this vulnerability may pose a substantial threat if exploited in production environments. This issue has been addressed in release version 5.6.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CWE(s)

AI Security AnalysisAI

AI Category
Other Platforms
Risk Domain
Privacy and Disclosure
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: ai, gradio, machine learning

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1552.001 Credentials In Files Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Why these techniques?

CVE-2025-23042 enables bypassing Gradio's file ACL via case manipulation on case-insensitive FS, facilitating exploitation of public-facing web apps (T1190) for unauthorized local file access (T1005) and credential theft from files (T1552.001).

CVEs Like This One

CVE-2026-28414Same product: Gradio Project Gradio
CVE-2026-28416Same product: Gradio Project Gradio
CVE-2026-22252Shared CWE-285
CVE-2026-26020Shared CWE-285
CVE-2026-25724Shared CWE-285
CVE-2026-25809Shared CWE-285
CVE-2026-32252Shared CWE-285
CVE-2026-30702Shared CWE-285
CVE-2026-40246Shared CWE-285
CVE-2023-53895Shared CWE-285

Affected Assets

gradio project
gradio
≤ 5.6.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the lack of case normalization in Gradio's file path validation logic, preventing bypass of ACL restrictions via case-altered paths on case-insensitive file systems.

prevent

Enforces proper access authorizations for file resources, mitigating unauthorized access to sensitive files due to flawed path-based ACL enforcement in Gradio.

prevent

Requires timely identification, reporting, and correction of flaws like the case normalization defect in Gradio, with testing to ensure remediation effectiveness via upgrade to version 5.6.0.

References