PT-2025-23225 · Gradio · Gradio
Reported by: Jjjutla (+1)
Published: 2025-05-29 · Updated: 2025-10-15
CVE-2025-48889 · CVSS v3.1: 7.5 (High) · Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Gradio versions prior to 5.31.0

Description: An arbitrary file copy vulnerability in Gradio's flagging feature allows unauthenticated attackers to copy any readable file from the server's filesystem. Although attackers cannot read the copied files, they can cause a denial of service by copying large files until the disk fills. The flagging component does not properly validate file paths before copying files. Attackers can send specially crafted requests to the "/gradio_api/run/predict" endpoint to trigger these copies. The vulnerable code flow involves a JSON payload sent to this endpoint, in which the path field of the FileData object can reference any file on the system; the FileData.copy_to_dir() method uses that path without proper validation, so any file the Gradio process can read gets copied.

Recommendations: For Gradio versions prior to 5.31.0, update to version 5.31.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/gradio_api/run/predict" endpoint to minimize the risk of exploitation. Additionally, restrict the use of the path parameter in the flagging functionality JSON payload to prevent unauthorized file copies.
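The following Python example illustrates the kind of server-side validation the advisory says was missing: before copying a client-supplied source path into the flagging directory, resolve it (following symlinks), require it to sit under an explicitly allowed root such as the upload cache, and cap the size so a copy cannot be used to fill the disk. It is an added illustration written for this page, not Gradio's code and not the 5.31.0 patch; the names `safe_copy_to_dir`, `is_within`, `UnsafeFilePath` and the allowed-root layout are hypothetical, and the files in `demo()` are constructed.

```python
import shutil
import tempfile
from pathlib import Path


class UnsafeFilePath(ValueError):
    """Raised when a client-supplied path fails validation (hypothetical name)."""


def is_within(path, root):
    """True if `path`, after resolving symlinks and '..', lies inside `root`."""
    resolved = Path(path).resolve()
    root = Path(root).resolve()
    try:
        resolved.relative_to(root)
        return True
    except ValueError:
        return False


def safe_copy_to_dir(src, dest_dir, allowed_roots, max_bytes=50 * 1024 * 1024):
    """Copy `src` into `dest_dir` only if it is a regular file under one of
    `allowed_roots` and no larger than `max_bytes`. Returns the destination path.
    Hypothetical helper: shows the check an unvalidated copy_to_dir lacks."""
    src_real = Path(src).resolve()  # resolve first so symlinks cannot escape
    if not any(is_within(src_real, root) for root in allowed_roots):
        raise UnsafeFilePath(f"refusing {src!r}: outside allowed directories")
    if not src_real.is_file():
        raise UnsafeFilePath(f"refusing {src!r}: not a regular file")
    if src_real.stat().st_size > max_bytes:
        raise UnsafeFilePath(f"refusing {src!r}: exceeds {max_bytes} bytes")
    dest_dir = Path(dest_dir)
    dest_dir.mkdir(parents=True, exist_ok=True)
    dest = dest_dir / src_real.name
    shutil.copyfile(src_real, dest)
    return dest


def demo():
    """Constructed scenario (POSIX): only the upload cache is an allowed root."""
    with tempfile.TemporaryDirectory() as tmp:
        uploads = Path(tmp) / "uploads"      # legitimate upload cache
        elsewhere = Path(tmp) / "secret"     # stands in for any other server dir
        flagged = Path(tmp) / "flagged"      # flagging output directory
        uploads.mkdir()
        elsewhere.mkdir()
        (uploads / "ok.txt").write_text("hello")
        (uploads / "big.bin").write_bytes(b"A" * 100)
        (elsewhere / "passwd").write_text("root:x:0:0")
        link = uploads / "link.txt"
        link.symlink_to(elsewhere / "passwd")  # symlink inside uploads -> outside

        results = {}
        results["ok"] = safe_copy_to_dir(uploads / "ok.txt", flagged, [uploads]).exists()
        attempts = [
            ("outside", elsewhere / "passwd", 50 * 1024 * 1024),
            ("symlink", link, 50 * 1024 * 1024),
            ("large", uploads / "big.bin", 16),  # tiny cap to show the DoS guard
        ]
        for name, path, cap in attempts:
            try:
                safe_copy_to_dir(path, flagged, [uploads], max_bytes=cap)
                results[name] = "copied"
            except UnsafeFilePath:
                results[name] = "rejected"
        return results


if __name__ == "__main__":
    print(demo())
```

The order of checks matters: the path is resolved before the containment test, so a symlink planted inside the allowed root that points elsewhere is rejected rather than followed, and the size check runs before any bytes are written.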

Weakness Enumeration: DoS, Unrestricted File Upload

Related Identifiers: CVE-2025-48889, GHSA-8JW3-6X8J-V96G, PYSEC-2025-119

Affected Products: Gradio