CVE-2025-5320 | gradio-app gradio up to 5.29.1 CORS is_valid_origin localhost_aliases origin validation

Inserito da Angelo Barbosa | Mag 29, 2025 | CVE

A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function is_valid_origin of the component CORS Handler. The manipulation of the argument localhost_aliases leads to origin validation error.

This vulnerability is uniquely identified as CVE-2025-5320. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-5320 | gradio-app gradio up to 5.29.1 CORS is_valid_origin localhost_aliases origin validation

Post correlati

CVE-2024-22363 | SheetJS Community Edition up to 0.20.1 redos

CVE-2023-6272 | Theme My Login 2FA Plugin up to 1.1 on WordPress excessive authentication

CVE-2024-5508 | Luxion KeyShot Viewer KSP File Parser out-of-bounds write

CVE-2024-3468 | AVEVA PI Web API prior 2023 SP1 API XML Import deserialization (icsa-24-163-02)