{"data":{"id":"e68e0042-5435-4761-8ccb-c2e5d276ceff","title":"CVE-2023-25823: Gradio is an open-source Python library to build machine learning and data science demos and web applications. Versions ","summary":"Gradio is a Python library for building AI demo applications, and versions before 3.13.1 accidentally exposed private SSH keys (security credentials that grant system access) when users enabled share links to let others access their apps. This meant anyone connecting to a shared Gradio app could steal the SSH key and access other users' Gradio demos or exploit them further depending on what data or capabilities the app had access to.","solution":"Update to version 3.13.1 or later. Gradio recommends updating to version 3.19.1 or later, where the FRP (Fast Reverse Proxy) solution has been properly tested.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2023-25823","publishedAt":"2023-02-24T03:15:11.580Z","cveId":"CVE-2023-25823","cweIds":["CWE-798","CWE-798"],"cvssScore":"5.4","cvssSeverity":"medium","severity":"medium","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["Gradio"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00408,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}