CVE-2025-5320 | gradio-app gradio up to 5.29.1 CORS is_valid_origin localhost_aliases origin validation

Inserito da Angelo Barbosa | Mag 29, 2025 | CVE

A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function is_valid_origin of the component CORS Handler. The manipulation of the argument localhost_aliases leads to origin validation error.

This vulnerability is uniquely identified as CVE-2025-5320. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-5320 | gradio-app gradio up to 5.29.1 CORS is_valid_origin localhost_aliases origin validation

Post correlati

CVE-2023-51415 | GiveWP Donation Plugin and Fundraising Platform Plugin up to 3.2.2 on WordPress cross site scripting

CVE-2023-48841 | Appointment Scheduler 3.0 Language Label Export csv injection (ID 176058)

CVE-2024-23858 | Cups Easy 1.0 URL stockissuancelinecreate.php batchno cross site scripting

CVE-2024-45798 | Espressif arduino-esp32 code injection