CVE-2025-50736 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2025-50736

CVE-2025-50736

October 30, 2025

An open redirect vulnerability exists in Byaidu PDFMathTranslate v1.9.9 that allows attackers to craft URLs that cause the application to redirect users to arbitrary external websites via the file parameter to the /gradio_api endpoint. This vulnerability could be exploited for phishing attacks or to bypass security filters.

Related Resources (6)

https://pdf2zh.com

https://hackmd.io/@fai1424/SJz7ttVWxe

https://github.com/fai1424/Vulnerability-Research/tree/main/CVE-2025-50736

https://pdf2zh.com/

https://github.com/Byaidu/PDFMathTranslate

https://nvd.nist.gov/vuln/detail/CVE-2025-50736

Do you need more information?

CVSS v4

Base Score:

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

ACTIVE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

NONE

Vulnerable System Availability

NONE

Subsequent System Confidentiality

LOW

Subsequent System Integrity

LOW

Subsequent System Availability

NONE

Exploit Maturity

POC

CVSS v3

Base Score:

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Weakness Type (CWE)

URL Redirection to Untrusted Site ('Open Redirect')

CWE-601

EPSS

Base Score:

0.04

Products

Solutions

Resources

Company

Compare

Developer Tools