Cyber Posture

CVE-2025-23042

High · Public PoC

Published: 14 January 2025

Modified: 26 August 2025
KEV Added
Patch
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0010 (27.2th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-23042 is a high-severity Improper Authorization (CWE-285) vulnerability in Gradio Project Gradio. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks at the 27.2th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

This vulnerability is AI-related: it is categorised as APIs and Models, in the Privacy and Disclosure risk domain.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Data from Local System (T1005) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent

Directly addresses the lack of case normalization in Gradio's file path validation logic, preventing bypass of ACL restrictions via case-altered paths on case-insensitive file systems.

prevent

Enforces proper access authorizations for file resources, mitigating unauthorized access to sensitive files due to flawed path-based ACL enforcement in Gradio.

prevent

Requires timely identification, reporting, and correction of flaws like the case normalization defect in Gradio, with testing to ensure remediation effectiveness via upgrade to version 5.6.0.

MITRE ATT&CK Enterprise Techniques [AI]

T1005: Data from Local System (tactic: Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

T1190: Exploit Public-Facing Application (tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1552.001: Credentials In Files (tactic: Credential Access)
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.

Why these techniques?

CVE-2025-23042 enables bypassing Gradio's file ACL via case manipulation on case-insensitive FS, facilitating exploitation of public-facing web apps (T1190) for unauthorized local file access (T1005) and credential theft from files (T1552.001).

NVD Description

Gradio is an open-source Python package that allows quick building of demos and web applications for machine learning models, API, or any arbitrary Python function. Gradio's Access Control List (ACL) for file paths can be bypassed by altering the letter case of a blocked file or directory path. This vulnerability arises due to the lack of case normalization in the file path validation logic. On case-insensitive file systems, such as those used by Windows and macOS, this flaw enables attackers to circumvent security restrictions and access sensitive files that should be protected. This issue can lead to unauthorized data access, exposing sensitive information and undermining the integrity of Gradio's security model. Given Gradio's popularity for building web applications, particularly in machine learning and AI, this vulnerability may pose a substantial threat if exploited in production environments. This issue has been addressed in release version 5.6.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Deeper analysis [AI]

CVE-2025-23042 is a vulnerability in Gradio, an open-source Python package used for quickly building demos and web applications for machine learning models, APIs, or arbitrary Python functions. The flaw allows bypassing of Gradio's Access Control List (ACL) for file paths by altering the letter case of a blocked file or directory path. This occurs due to a lack of case normalization in the file path validation logic, enabling access to sensitive files on case-insensitive file systems such as those on Windows and macOS.

Unauthenticated attackers with network access can exploit this vulnerability with low attack complexity and no user interaction, as reflected in its CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Exploitation grants unauthorized access to protected files, leading to exposure of sensitive information and compromising the confidentiality of data served by Gradio applications.

The Gradio security advisory (GHSA-j2jg-fq62-7c3h) states that the issue has been fixed in release version 5.6.0, and users are advised to upgrade immediately. No workarounds are available.

Gradio's widespread use in machine learning and AI web applications heightens the risk of this vulnerability in production environments, where it is classified under CWE-285 (Improper Authorization). No real-world exploitation has been reported.
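
The missing case normalization described above, shown as a flawed deny-list check beside a case-folding one. This is an added example, not Gradio's code or its 5.6.0 fix: every function name, the blocked root and the request paths are constructed for illustration, and paths are assumed to be POSIX-style with symlinks already resolved.

```python
"""Added illustration (not Gradio's code): deny-list path check with and without case folding."""
import os
import posixpath
import tempfile

def _components(path: str, fold_case: bool) -> tuple:
    # Collapse "." and ".." lexically, then split into components.
    # Assumption: the caller has already resolved symlinks.
    parts = tuple(p for p in posixpath.normpath(path).split("/") if p)
    return tuple(p.casefold() for p in parts) if fold_case else parts

def _is_within(path: str, root: str, fold_case: bool) -> bool:
    # Compare whole components, so "/srv/app/secrets2" is not inside "/srv/app/secrets".
    p, r = _components(path, fold_case), _components(root, fold_case)
    return p[:len(r)] == r

def is_blocked_naive(path: str, blocked_roots) -> bool:
    """Flawed check: exact-case comparison, as if every file system were case-sensitive."""
    return any(_is_within(path, b, False) for b in blocked_roots)

def is_blocked_folded(path: str, blocked_roots, fs_case_insensitive: bool) -> bool:
    """Hardened check: fold case on both sides when the file system ignores case.
    For a deny list, folding can only block more, so it fails closed."""
    return any(_is_within(path, b, fs_case_insensitive) for b in blocked_roots)

def fs_is_case_insensitive(directory: str) -> bool:
    """Probe the file system itself; os.path.normcase() is a no-op on macOS."""
    with tempfile.NamedTemporaryFile(prefix="CaseProbe", dir=directory) as f:
        head, name = os.path.split(f.name)
        return os.path.exists(os.path.join(head, name.swapcase()))

# Constructed sample data, not taken from the advisory.
BLOCKED = ["/srv/app/secrets"]
REQUESTS = [
    "/srv/app/secrets/api.key",      # exact-case request for a blocked file
    "/srv/app/SECRETS/api.key",      # same file on a case-insensitive volume
    "/srv/app/secrets2/readme.txt",  # sibling directory, must stay allowed
    "/srv/app/public/logo.png",      # unrelated file, must stay allowed
]

def compare(requests=REQUESTS, blocked=BLOCKED):
    """Return (path, naive_verdict, folded_verdict) assuming a case-insensitive volume."""
    return [(r, is_blocked_naive(r, blocked), is_blocked_folded(r, blocked, True))
            for r in requests]

if __name__ == "__main__":
    for path, naive, folded in compare():
        print(f"{path:32} naive_blocked={naive!s:5} folded_blocked={folded}")
```

The second request is where the two checks disagree: the exact-case check lets it through while the folded check blocks it.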

Details

CWE(s)

Affected Products

gradio project · gradio · ≤ 5.6.0

AI Security Analysis [AI]

AI Category: APIs and Models
Risk Domain: Privacy and Disclosure
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Gradio is an open-source platform for building web demos and applications specifically for machine learning models and AI, making it AI-related under 'Other Platforms'. The vulnerability affects its file path ACL in demo deployments.

CVEs Like This One

CVE-2026-28414 - Same product: Gradio Project Gradio
CVE-2026-28416 - Same product: Gradio Project Gradio
CVE-2026-22252 - Shared CWE-285
CVE-2026-26020 - Shared CWE-285
CVE-2026-25724 - Shared CWE-285
CVE-2026-28448 - Shared CWE-285
CVE-2026-30702 - Shared CWE-285
CVE-2025-25196 - Shared CWE-285
CVE-2023-53895 - Shared CWE-285
CVE-2024-50617 - Shared CWE-285

References