CVE-2025-48889: 
Gradio vulnerability analysis and mitigation

Gradio, an open-source Python package for building demos and web applications for machine learning models, API, or any arbitrary Python function, was found to contain an arbitrary file copy vulnerability (CVE-2025-48889). The vulnerability affects versions prior to 5.31.0, specifically in the flagging feature which allows unauthenticated attackers to copy any readable file from the server's filesystem. The issue was disclosed on May 30, 2025, and has been patched in version 5.31.0 (GitHub Advisory, NVD).

The vulnerability exists in Gradio's flagging component, which fails to properly validate file paths before copying files. The vulnerable code flow begins when a JSON payload is sent to the /gradioapi/run/predict endpoint, where the path field within FileData object can reference any file on the system. The FileData.copyto_dir() method uses this path without proper validation, allowing the copying of any file the Gradio process can read. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L, indicating that it can be exploited remotely without requiring privileges or user interaction (GitHub Advisory).

While attackers cannot read the copied files directly, they can cause a Denial of Service (DoS) attack by copying large files (like /dev/urandom) to fill disk space. The vulnerability allows unauthenticated attackers to copy any readable file from the server's filesystem (GitHub Advisory).

The vulnerability has been patched in Gradio version 5.31.0. Users are advised to upgrade to this version or later to address the security issue (NVD).