PT-2025-23161 · Gradio

Gavin Zhong +2

Published 2025-05-29 · Updated 2025-06-01

CVE-2025-5320

CVSS v3.1: 3.7 (Low)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: gradio-app gradio, versions up to 5.29.1

Description: A vulnerability has been found in the CORS handler component of Gradio, specifically in the is_valid_origin function. Manipulation of the localhost_aliases argument leads to an origin validation error. The vulnerability can be exploited remotely; attack complexity is high and exploitation is considered difficult. An exploit has been publicly disclosed.

Recommendations: For versions up to 5.29.1, as a temporary workaround, consider restricting use of the is_valid_origin function in the CORS handler component until a patch is available. Be cautious when using the localhost_aliases argument to minimize the risk of exploitation. At the time of writing there is no information about a newer version that contains a fix for this vulnerability.
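As an added illustration (not Gradio's code and not a reproduction of the reported flaw), the following shows the property an origin check that accepts a localhost_aliases list must have: the parsed hostname of the Origin header is compared exactly against the alias list, and a well-formed Origin carries nothing beyond scheme, host and port. The alias list, the function name and the sample origins are assumptions constructed for this example.

```python
from urllib.parse import urlsplit

# Constructed alias list for this example; a real CORS handler passes its own.
LOCALHOST_ALIASES = frozenset({"localhost", "127.0.0.1", "0.0.0.0", "::1"})
ALLOWED_SCHEMES = frozenset({"http", "https"})


def is_trusted_local_origin(origin: str, localhost_aliases=LOCALHOST_ALIASES) -> bool:
    """Return True only when the Origin header names a local host exactly.

    An origin is trusted because its parsed hostname is one of the aliases,
    never because an alias merely appears somewhere inside the string.
    """
    if not origin or origin == "null":
        return False
    try:
        parts = urlsplit(origin)
    except ValueError:  # e.g. an unterminated IPv6 literal
        return False
    # A browser-sent Origin is scheme://host[:port] and nothing else.
    if parts.scheme not in ALLOWED_SCHEMES or parts.hostname is None:
        return False
    if parts.path or parts.query or parts.fragment or parts.username is not None:
        return False
    try:
        parts.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError:
        return False
    # .hostname is already lowercased and has IPv6 brackets stripped.
    return parts.hostname in localhost_aliases
```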

Exploit

Weakness Enumeration

Insufficient Verification of Data Authenticity
Origin Validation Error

Related Identifiers

CVE-2025-5320
GHSA-WMJH-CPQJ-4V6X

Affected Products

Gradio