Gradio Open Redirect Vulnerability

Vulnerability

A medium-severity open redirect vulnerability has been identified in the latest version of Gradio. The issue allows attackers to redirect users to malicious websites by supplying a URL-encoded redirect target that the application does not validate. It is triggered by sending a crafted request to the application, which responds with a 302 redirect to an attacker-controlled site.

Impact

Exploitation of this vulnerability can lead to unauthorized redirection of users to malicious websites.

Reproduction

To reproduce this vulnerability, send a GET request to the Gradio application with a URL-encoded redirect target, such as 'http://google.com'. The application responds with a 302 redirect to that URL, sending the user to the specified site.
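The root cause described above is a redirect target that is accepted without validation. The following validator is an added example, not Gradio's own code: it percent-decodes the target (repeatedly, so double encoding cannot hide a scheme or a leading "//"), normalizes backslashes, rejects control characters, and then permits only a rooted local path or an absolute URL whose host is on an allow-list. The allow-list host "app.example.com" is a hypothetical value for illustration.

```python
from urllib.parse import unquote, urlsplit

# Hypothetical application origin for the allow-list (not from Gradio).
ALLOWED_HOSTS = {"app.example.com"}
FALLBACK = "/"


def normalize(target: str) -> str:
    """Percent-decode until stable (max 3 rounds) so encoded and
    double-encoded schemes/slashes are judged in decoded form."""
    decoded = target.strip()
    for _ in range(3):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    # Browsers treat a backslash like a forward slash in URLs.
    return decoded.replace("\\", "/")


def is_safe_redirect_target(target: str) -> bool:
    """True only for a same-origin target: a rooted local path
    ('/path', never '//host') or an absolute http(s) URL whose
    host is on the allow-list."""
    if not target:
        return False
    t = normalize(target)
    # Control characters would allow header injection via Location.
    if any(ord(c) < 0x20 or c == "\x7f" for c in t):
        return False
    parts = urlsplit(t)
    if parts.scheme or parts.netloc:
        # 'http://allowed@evil' yields hostname 'evil', so this check
        # also defeats userinfo tricks.
        return parts.scheme in ("http", "https") and parts.hostname in ALLOWED_HOSTS
    # No scheme/netloc: must be rooted and not protocol-relative.
    return t.startswith("/") and not t.startswith("//")


def safe_redirect_location(target: str) -> str:
    """Value to place in the Location header: the validated, decoded
    target, or the fallback path when validation fails."""
    return normalize(target) if is_safe_redirect_target(target) else FALLBACK
```

The decoded form is what gets emitted, so the string that was validated is the string the browser follows.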

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 0.6
exploitability: 7.4
remediation: 0.0
relevance: 0.0
threat: 6.5
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.