CVE-2025-48889

MEDIUM Year: 2025
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-434
View all →

Vulnerability Description

Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Prior to version 5.31.0, an arbitrary file copy vulnerability in Gradio's flagging feature allows unauthenticated attackers to copy any readable file from the server's filesystem. While attackers can't read these copied files, they can cause DoS by copying large files (like /dev/urandom) to fill disk space. This issue has been patched in version 5.31.0.

Related Vulnerabilities

CVE-2018-16821

MEDIUM
CVSS:5.3(Medium)

SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests.

CWE-4342018

CVE-2018-19789

MEDIUM
CVSS:5.3(Medium)

An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint `string...

CWE-4342018

CVE-2021-29022

MEDIUM
CVSS:5.3(Medium)

In InvoicePlane 1.5.11, the upload feature discloses the full path of the file upload directory.

CWE-4342021

CVE-2023-38330

MEDIUM
CVSS:5.3(Medium)

OXID eShop Enterprise Edition 6.5.0 – 6.5.2 before 6.5.3 allows uploading files with modified headers in the administration area. An attacker can upload a file with a modified header to create a HTTP ...

CWE-4342023

CVE-2023-40183

MEDIUM
CVSS:5.3(Medium)

DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allows an attacker to to obtain user cookies. The program only uses the `Im...

CWE-4342023