CVE-2021-43831: Gradio is an open source framework for building interactive machine learning models and demos. In versions prior to 2.5.
Summary
Gradio, a framework for building interactive machine learning demos, had an arbitrary file read vulnerability in versions before 2.5.0: a user of a Gradio interface could read any file on the host that the Gradio process itself could read, provided they knew (or could guess) its path, because the file-serving path was not restricted to an allowed directory. Files were opened read-only, so the flaw allowed disclosure but not modification. In practice, anyone who could reach the interface over the network, including anyone holding a shared link to it, could pull sensitive files such as credentials, configuration or model data off the server.
Solution / Mitigation
Update to Gradio version 2.5.0 or later, where file access is restricted. Until then, do not expose affected interfaces to untrusted networks or share links to them, and run the process under an account with read access only to the files the demo actually needs.
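The two patterns at issue, as an added example that is not Gradio's code and not the 2.5.0 patch: a handler that opens whatever path the client supplies, beside a hardened handler that canonicalises the request and refuses anything outside a served directory. The function names, the temporary directory layout and the file contents are constructed for the example; nothing here is taken from the Gradio code base.

```python
"""Added example (not Gradio's own code): an unrestricted file-read handler
next to a hardened version that confines reads to one directory.
Names such as unrestricted_read and restricted_read are illustrative."""
import os
import tempfile
from pathlib import Path
from typing import Optional, Tuple


def build_demo_tree() -> Tuple[Path, Path, str]:
    """Constructed sample layout: a served directory holding one public file,
    a 'secret' file outside it, and a symlink inside the served directory
    that points at the secret. Returns (root, secret, traversal_string)."""
    root = Path(tempfile.mkdtemp(prefix="served_"))
    outside = Path(tempfile.mkdtemp(prefix="outside_"))
    (root / "public.txt").write_bytes(b"public data")
    secret = outside / "secret.txt"
    secret.write_bytes(b"SECRET")
    os.symlink(secret, root / "link_to_secret.txt")
    traversal = os.path.relpath(secret, root)   # e.g. "../outside_xxx/secret.txt"
    return root, secret, traversal


def unrestricted_read(file_path: str) -> bytes:
    """The vulnerable pattern: open whatever path the client supplied."""
    with open(file_path, "rb") as f:
        return f.read()


def resolve_under_root(root: Path, requested: str) -> Optional[Path]:
    """Canonicalise the requested path and require it to stay inside root.
    Absolute paths, '..' segments and symlinks pointing outside all fail."""
    root_real = root.resolve()
    # Path.__truediv__ discards root_real when `requested` is absolute, and
    # resolve() follows symlinks and collapses '..', so the containment check
    # below sees the real target rather than the client's spelling of it.
    candidate = (root_real / requested).resolve()
    try:
        candidate.relative_to(root_real)
    except ValueError:
        return None          # escaped the served directory
    if not candidate.is_file():
        return None          # missing, or a directory (including root itself)
    return candidate


def restricted_read(root: Path, requested: str) -> Optional[bytes]:
    """Hardened handler: None for anything outside the served directory."""
    target = resolve_under_root(root, requested)
    return None if target is None else target.read_bytes()


if __name__ == "__main__":
    root, secret, traversal = build_demo_tree()
    print("vulnerable, absolute path :", unrestricted_read(str(secret)))
    print("hardened, public file     :", restricted_read(root, "public.txt"))
    print("hardened, ../ traversal   :", restricted_read(root, traversal))
    print("hardened, absolute path   :", restricted_read(root, str(secret)))
    print("hardened, symlink escape  :", restricted_read(root, "link_to_secret.txt"))
```

The order matters: `resolve()` first, then `relative_to()`, so a symlink planted inside the served directory cannot smuggle a read out of it. A plain string-prefix check (`str(candidate).startswith(str(root))`) is not enough, since `/srv/files` is also a prefix of `/srv/files_private`. In a Flask application of the kind Gradio 2.x ran, `flask.send_from_directory` performs the equivalent containment check.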
Vulnerability Details
CVSS base score: 7.7 (High)
EPSS: 30.3%
Related Issues
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
CVE-2025-54868: LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-43831
First tracked: February 15, 2026 at 08:47 PM