Denial of Service Vulnerability in Gradio by Gradio App
CVE-2025-0187

7.5 HIGH

Key Information:

Vendor: Gradio-app
CVE Published: 20 March 2025

What is CVE-2025-0187?

A Denial of Service (DoS) vulnerability has been identified in the file upload functionality of Gradio version 0.39.1. This issue stems from the improper handling of form-data containing overly large filenames within file upload requests. When an attacker submits a payload featuring an excessively large filename, it can overwhelm the server, leading to a denial of service that prevents legitimate users from accessing the application. Organizations leveraging this version of Gradio should take immediate measures to mitigate potential exploits of this vulnerability.
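
A defensive pre-parse check for the condition described above, as an added example (not Gradio's code or its fix): it bounds how far the server scans for each part's header block and caps the filename length before the upload is handled further. The limits, the names `check_multipart` and `build_body`, and the sample bodies are assumptions constructed for illustration.

```python
import re

MAX_PART_HEADER_BYTES = 8 * 1024  # assumed cap on one part's header block
MAX_FILENAME_BYTES = 255          # assumed cap, matches common filesystem limits

class UploadRejected(ValueError):
    """Raised when a multipart part violates the size limits."""

_FILENAME_RE = re.compile(rb'filename="([^"]*)"', re.IGNORECASE)

def check_multipart(body: bytes, boundary: bytes) -> list:
    """Return the filenames found in body, or raise UploadRejected.

    The search for the end of each header block is limited to a fixed
    window, so an oversized filename costs bounded work instead of a scan
    (or a buffer) proportional to the attacker-controlled header size.
    """
    delim = b"--" + boundary
    names = []
    pos = body.find(delim)
    while pos != -1:
        start = pos + len(delim)
        if body[start:start + 2] == b"--":   # closing delimiter: done
            break
        end = body.find(b"\r\n\r\n", start, start + MAX_PART_HEADER_BYTES + 4)
        if end == -1:
            raise UploadRejected("part headers too large or unterminated")
        match = _FILENAME_RE.search(body[start:end])
        if match:
            if len(match.group(1)) > MAX_FILENAME_BYTES:
                raise UploadRejected("filename exceeds limit")
            names.append(match.group(1))
        pos = body.find(delim, end + 4)
    return names

def build_body(boundary: bytes, filename: bytes) -> bytes:
    """Constructed sample: a one-file multipart/form-data body."""
    return (b"--" + boundary + b"\r\n"
            b'Content-Disposition: form-data; name="files"; filename="'
            + filename + b'"\r\n'
            b"Content-Type: text/plain\r\n\r\n"
            b"hello\r\n--" + boundary + b"--\r\n")

if __name__ == "__main__":
    print(check_multipart(build_body(b"X", b"report.txt"), b"X"))
    try:
        check_multipart(build_body(b"X", b"A" * 1_000_000), b"X")
    except UploadRejected as exc:
        print("rejected:", exc)
```

In a deployed service the same limits belong in the streaming multipart parser or in a reverse proxy in front of the application, so that the oversized request is refused before it is fully buffered.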

Affected Version(s)

gradio-app/gradio <= unspecified

CVSS V3.0

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
