CVE-2023-25823: Gradio is an open-source Python library to build machine learning and data science demos and web applications. Versions
Summary
Gradio is a Python library for building AI demo applications, and versions before 3.13.1 accidentally exposed private SSH keys (security credentials that grant system access) when users enabled share links to let others access their apps. This meant anyone connecting to a shared Gradio app could steal the SSH key and access other users' Gradio demos or exploit them further depending on what data or capabilities the app had access to.
Solution / Mitigation
Update to version 3.13.1 or later. Gradio recommends updating to version 3.19.1 or later, where the FRP (Fast Reverse Proxy) solution has been properly tested.
Vulnerability Details
5.4 (medium)
EPSS: 0.4%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2023-25823
First tracked: February 15, 2026 at 08:47 PM