{"data":{"id":"cb6e9595-1787-4094-94be-06968dcd14a7","title":"CVE-2025-23042: Gradio is an open-source Python package that allows quick building of demos and web applications for machine learning models","summary":"Gradio, an open-source Python package for building web applications around machine learning models, has a security flaw in its Access Control List (ACL), the mechanism that controls which file paths users can access. On Windows and macOS, attackers can bypass this protection by changing the capitalization of a file path: these operating systems treat uppercase and lowercase letters in file names as the same, so a differently cased path still resolves to the blocked file. This allows unauthorized access to sensitive files that should be blocked.","solution":"This issue has been addressed in release version 5.6.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-23042","publishedAt":"2025-01-15T00:15:44.863Z","cveId":"CVE-2025-23042","cweIds":["CWE-285"],"cvssScore":"7.5","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Gradio"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00099,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}