Home > Vulnerability Database > CVE-2025-5320

Mend.io Vulnerability Database

CVE-2025-5320

Date: May 29, 2025

A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function is_valid_origin of the component CORS Handler. The manipulation of the argument localhost_aliases leads to erweiterte Rechte. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity Score

3.7

Related Resources (8)

Url: https://gist.github.com/superboy-zjc/aa3dfa161d7b19d8a53ab4605792f2fe

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-5320

Url: https://gist.github.com/superboy-zjc/aa3dfa161d7b19d8a53ab4605792f2fe#proof-of-concept-poc

Url: https://github.com/gradio-app/gradio

Url: https://vuldb.com/?submit.580250

Url: https://vuldb.com/?id.310491

Url: https://vuldb.com/?ctiid.310491

Url: https://www.mend.io/vulnerability-database/CVE-2025-5320

Severity Score

3.7

Weakness Type (CWE)

Insufficient Verification of Data Authenticity

CWE-345

Origin Validation Error

CWE-346

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	2.6
Access Vector (AV):	NETWORK
Access Complexity (AC):	HIGH
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2025-5320

Date: May 29, 2025

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?