CVE-2025-5320: A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function is
Summary
A vulnerability (CVE-2025-5320) was found in Gradio, a web framework for building AI demos, affecting versions up to 5.29.1. An attacker could manipulate the localhost_aliases parameter in the CORS Handler (the component that controls which websites can access the application) to gain elevated privileges, though executing this attack is difficult and requires remote access.
Vulnerability Details
3.7(low)
EPSS: 0.0%
Classification
Affected Vendors
Related Issues
CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling
CVE-2026-26190: Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus expose
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-5320
First tracked: February 15, 2026 at 08:47 PM
Classified by LLM (prompt v3) · confidence: 85%