Auth bypass in Gradio-app Gradio

CVE-2025-23042

Gradio is an open-source Python package for quickly building demos and web applications around machine learning models, APIs, or any arbitrary Python function. Gradio's Access Control List (ACL) for file paths can be bypassed by alteri…
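The description above concerns a deny list of file paths that can be bypassed by presenting a protected file under a different spelling. The following is an added example written for this page, not Gradio's own code: a hypothetical `naive_is_blocked` that compares the raw request string against `blocked_paths`, beside a `hardened_is_blocked` that canonicalises both sides (symlinks, `.`/`..`, and letter case on platforms that ignore it) and matches only on whole path components. The directory tree and the probe paths are constructed inline so it runs offline; it illustrates the general class of path-ACL bypass, not the exact input used against Gradio.

```python
import os
import tempfile

# Hypothetical helpers written for this page; not Gradio's own implementation.


def naive_is_blocked(requested: str, blocked_paths: list[str]) -> bool:
    """Weak pattern: compare the string the client sent against the deny list
    without canonicalising it first. Any alternate spelling of the same file
    ('..' segments, symlinks, different case on case-insensitive filesystems)
    slips past, while unrelated siblings such as 'secrets2' get over-blocked."""
    return any(requested.startswith(b) for b in blocked_paths)


def canonical(path: str) -> str:
    """Resolve symlinks, '.', '..' and (where the OS ignores it) letter case,
    so that two spellings of one file compare equal."""
    return os.path.normcase(os.path.realpath(path))


def hardened_is_blocked(requested: str, blocked_paths: list[str]) -> bool:
    """Compare canonical forms and match on whole components only, so that
    '/srv/secrets' blocks '/srv/secrets/key' but not '/srv/secrets2/key'."""
    req = canonical(requested)
    for b in blocked_paths:
        bc = canonical(b)
        if req == bc or req.startswith(bc + os.sep):
            return True
    return False


def run_demo() -> dict[str, tuple[bool, bool]]:
    """Build a throwaway tree (constructed sample data) and evaluate several
    spellings of the same protected file against both checks.
    Returns {probe_name: (naive_blocked, hardened_blocked)}."""
    base = tempfile.mkdtemp()
    secrets = os.path.join(base, "secrets")
    public = os.path.join(base, "public")
    os.makedirs(secrets)
    os.makedirs(public)
    with open(os.path.join(secrets, "key.txt"), "w", encoding="utf-8") as fh:
        fh.write("constructed sample secret\n")
    blocked = [secrets]

    probes = {
        # the protected file spelled exactly as in the deny list
        "direct": os.path.join(secrets, "key.txt"),
        # same file reached through an allowed directory and '..'
        "dotdot": os.path.join(public, "..", "secrets", "key.txt"),
        # an unrelated sibling whose name merely shares the prefix
        "sibling_prefix": os.path.join(base, "secrets2", "x.txt"),
    }
    link = os.path.join(public, "link")
    try:
        # same file reached through a symlink inside the allowed directory
        os.symlink(secrets, link, target_is_directory=True)
        probes["symlink"] = os.path.join(link, "key.txt")
    except (OSError, NotImplementedError):
        pass  # symlink creation may be unavailable (e.g. unprivileged Windows)

    return {
        name: (naive_is_blocked(p, blocked), hardened_is_blocked(p, blocked))
        for name, p in probes.items()
    }


if __name__ == "__main__":
    for name, (naive, hardened) in run_demo().items():
        print(f"{name:15s} naive={naive!s:5s} hardened={hardened}")
```

The point to check in any file-serving layer is that the deny list and the request are compared only after both have been reduced to the same canonical form; the `dotdot` and `symlink` probes show the naive check returning "not blocked" for a file that is on the list, and `sibling_prefix` shows it blocking a file that is not.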

EPSS score: 0.001 (27.2 percentile).

Affected products

Vendor: Gradio-app; product: Gradio.

Weakness classification (CWE)

Improper Authorization (CWE-285).

Public proof-of-concept exploits

3 public proof-of-concept repositories are indexed.

Frequently asked questions

What is CVE-2025-23042?
CVE-2025-23042 is a vulnerability in Gradio-app Gradio, classified under Improper Authorization. Published 2025-01-14.
Is CVE-2025-23042 known to be exploited?
3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.