PT-2023-20328 · Gradio · Gradio

Credit: Greg Sadetsky (+1)
Published: 2023-02-23 · Updated: 2023-03-07
CVE-2023-25823
CVSS v4.0: 6.3 (Medium)
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L
Vulnerable software and affected versions: Gradio versions prior to 3.13.1

Description: Gradio is an open-source Python library for building machine learning and data science demos and web applications. When share links are enabled by setting share=True, a private SSH key is sent to any user who connects to the Gradio machine. With that key, a user can access other users' shared Gradio demos, potentially leading to further exploitation depending on the level of access or exposure the Gradio app provides.

Recommendations: For Gradio versions prior to 3.13.1, update to version 3.19.1 or later, where the FRP solution has been properly tested. As a temporary workaround, disable the share links feature by setting share=False until a patch is applied. Restrict access to shared Gradio demos to minimize the risk of exploitation, and avoid using the share=True parameter in Gradio apps until the issue is resolved.
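As an added example (not code from Gradio or from this advisory), a launch guard that encodes the version thresholds above and keeps share links off until the installed Gradio is at or above the recommended release; the function names and the "below_recommended" state are assumptions chosen for illustration.

```python
"""Guard for CVE-2023-25823: do not enable Gradio share links on affected versions."""
from importlib.metadata import PackageNotFoundError, version as installed_version

AFFECTED_BEFORE = (3, 13, 1)   # advisory: versions prior to 3.13.1 leak the private key
RECOMMENDED_MIN = (3, 19, 1)   # advisory: update to 3.19.1 or later


def parse_version(text):
    """Turn '3.19.1' (or '3.19.1rc0') into a comparable (major, minor, patch) tuple."""
    parts = []
    for piece in text.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break          # stop at pre-release suffixes such as 'rc0'
            digits += ch
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def share_link_status(gradio_version):
    """Classify a Gradio version against the advisory's two thresholds."""
    v = parse_version(gradio_version)
    if v < AFFECTED_BEFORE:
        return "vulnerable"
    if v < RECOMMENDED_MIN:
        return "below_recommended"   # assumed label: fixed, but below the advised release
    return "ok"


def share_decision(requested_share, gradio_version=None):
    """Decide the share flag to pass to launch(); share stays False unless status is 'ok'."""
    if gradio_version is None:
        try:
            gradio_version = installed_version("gradio")
        except PackageNotFoundError:
            gradio_version = "0.0.0"   # unknown install: treat as vulnerable
    status = share_link_status(gradio_version)
    share = bool(requested_share) and status == "ok"
    return {"share": share, "status": status, "version": gradio_version}


if __name__ == "__main__":
    # With a real app: demo.launch(share=share_decision(True)["share"])
    print(share_decision(True))
```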

Weakness Enumeration

Using Hardcoded Credentials
Related Identifiers

CVE-2023-25823
GHSA-3X5J-9VWR-8RR5
PYSEC-2023-16

Affected Products

Gradio