{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-5320", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-05-29T08:05:26.904Z", "datePublished": "2025-05-29T13:31:04.612Z", "dateUpdated": "2025-06-01T04:39:35.844Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-01T04:39:35.844Z"}, "title": "gradio-app gradio CORS is_valid_origin privilege escalation", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-346", "lang": "en", "description": "Origin Validation Error"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-345", "lang": "en", "description": "Insufficient Verification of Data Authenticity"}]}], "affected": [{"vendor": "gradio-app", "product": "gradio", "versions": [{"version": "5.29.0", "status": "affected"}, {"version": "5.29.1", "status": "affected"}], "modules": ["CORS Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function is_valid_origin of the component CORS Handler. The manipulation of the argument localhost_aliases leads to erweiterte Rechte. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in gradio-app gradio bis 5.29.1 entdeckt. Sie wurde als problematisch eingestuft. Hiervon betroffen ist die Funktion is_valid_origin der Komponente CORS Handler. Mittels dem Manipulieren des Arguments localhost_aliases mit unbekannten Daten kann eine erweiterte Rechte-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.3, "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.7, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}], "timeline": [{"time": "2025-05-29T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-05-29T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-06-01T06:41:23.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Jiacheng Zhong", "type": "finder"}, {"lang": "en", "value": "Zhengyu Liu", "type": "finder"}, {"lang": "en", "value": "Gavin Zhong (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "Gavin Zhong (VulDB User)", "type": "analyst"}], "references": [{"url": "https://vuldb.com/?id.310491", "name": "VDB-310491 | gradio-app gradio CORS is_valid_origin privilege escalation", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.310491", "name": "VDB-310491 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.580250", "name": "Submit #580250 | gradio <=5.29.1 Cross-Site Request Forgery", "tags": ["third-party-advisory"]}, {"url": "https://gist.github.com/superboy-zjc/aa3dfa161d7b19d8a53ab4605792f2fe", "tags": ["related"]}, {"url": "https://gist.github.com/superboy-zjc/aa3dfa161d7b19d8a53ab4605792f2fe#proof-of-concept-poc", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-29T13:43:51.563565Z", "id": "CVE-2025-5320", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-29T13:44:05.707Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-5320", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-29T13:43:51.563565Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-29T13:43:55.801Z"}}], "cna": {"title": "gradio-app gradio CORS is_valid_origin privilege escalation", "credits": [{"lang": "en", "type": "finder", "value": "Jiacheng Zhong"}, {"lang": "en", "type": "finder", "value": "Zhengyu Liu"}, {"lang": "en", "type": "reporter", "value": "Gavin Zhong (VulDB User)"}, {"lang": "en", "type": "analyst", "value": "Gavin Zhong (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}], "affected": [{"vendor": "gradio-app", "modules": ["CORS Handler"], "product": "gradio", "versions": [{"status": "affected", "version": "5.29.0"}, {"status": "affected", "version": "5.29.1"}]}], "timeline": [{"lang": "en", "time": "2025-05-29T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-05-29T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-06-01T06:41:23.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.310491", "name": "VDB-310491 | gradio-app gradio CORS is_valid_origin privilege escalation", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.310491", "name": "VDB-310491 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.580250", "name": "Submit #580250 | gradio <=5.29.1 Cross-Site Request Forgery", "tags": ["third-party-advisory"]}, {"url": "https://gist.github.com/superboy-zjc/aa3dfa161d7b19d8a53ab4605792f2fe", "tags": ["related"]}, {"url": "https://gist.github.com/superboy-zjc/aa3dfa161d7b19d8a53ab4605792f2fe#proof-of-concept-poc", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function is_valid_origin of the component CORS Handler. The manipulation of the argument localhost_aliases leads to erweiterte Rechte. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in gradio-app gradio bis 5.29.1 entdeckt. Sie wurde als problematisch eingestuft. Hiervon betroffen ist die Funktion is_valid_origin der Komponente CORS Handler. Mittels dem Manipulieren des Arguments localhost_aliases mit unbekannten Daten kann eine erweiterte Rechte-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-346", "description": "Origin Validation Error"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-345", "description": "Insufficient Verification of Data Authenticity"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-01T04:39:35.844Z"}}}, "cveMetadata": {"cveId": "CVE-2025-5320", "state": "PUBLISHED", "dateUpdated": "2025-06-01T04:39:35.844Z", "dateReserved": "2025-05-29T08:05:26.904Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-05-29T13:31:04.612Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function is_valid_origin of the component CORS Handler. The manipulation of the argument localhost_aliases leads to erweiterte Rechte. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad clasificada como problem\u00e1tica en gradio-app gradio (hasta la versi\u00f3n 5.29.1). Esta vulnerabilidad afecta a la funci\u00f3n \"is_valid_origin\" del componente CORS Handler. La manipulaci\u00f3n del argumento \"localhost_aliases\" provoca un error de validaci\u00f3n de origen. Es posible iniciar el ataque de forma remota. Es un ataque de complejidad bastante alta. Parece dif\u00edcil de explotar. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."}], "id": "CVE-2025-5320", "lastModified": "2025-06-01T05:15:19.883", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-05-29T14:15:38.377", "references": [{"source": "cna@vuldb.com", "url": "https://gist.github.com/superboy-zjc/aa3dfa161d7b19d8a53ab4605792f2fe"}, {"source": "cna@vuldb.com", "url": "https://gist.github.com/superboy-zjc/aa3dfa161d7b19d8a53ab4605792f2fe#proof-of-concept-poc"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.310491"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.310491"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.580250"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}, {"lang": "en", "value": "CWE-346"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}