PT-2025-12050 · Gradio · Gradio

Published 2025-03-20 · Updated 2025-03-20 · CVE-2024-10648

CVSS v3.1: 8.2 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Name of the Vulnerable Software and Affected Versions

gradio-app/gradio version git 98cbcae

Description

A path traversal issue exists in the Gradio Audio component, allowing an attacker to control the format of the audio file. This can lead to arbitrary file content deletion by manipulating the output format, causing a denial of service (DoS) on the server.

Recommendations

For version git 98cbcae, consider restricting access to the Gradio Audio component until a patch is available to prevent potential denial of service attacks. As a temporary workaround, avoid using the Gradio Audio component to minimize the risk of exploitation.

Exploit

Fix

DoS


Weakness Enumeration

Related Identifiers

CVE-2024-10648
GHSA-PGFV-GVC5-PRFG

Affected Products

Gradio