PT-2025-12303 · Gradio · Gradio
Published
2025-03-20
·
Updated
2025-03-20
·
CVE-2025-0187
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
gradio-app/gradio version 0.39.1
Description
A Denial of Service (DoS) issue was found in the file upload feature due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large filename, the server becomes overwhelmed and unresponsive, leading to unavailability for legitimate users.
Recommendations
For gradio-app/gradio version 0.39.1, consider restricting the size of filenames allowed in the file upload feature to prevent the server from becoming overwhelmed. As a temporary workaround, consider implementing validation to limit the filename length in the file upload request until a patch is available.
Exploit
Fix
DoS
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gradio