Gradio, a popular open-source Python library for creating machine learning demos and web applications, has recently patched a high-severity vulnerability. Identified as CVE-2025-23042 and carrying a CVSS score of 9.1, the flaw exposes sensitive files through an Access Control List (ACL) bypass.
The vulnerability arises from the lack of case normalization in Gradio’s file path validation logic. According to the advisory, “Gradio’s Access Control List (ACL) for file paths can be bypassed by altering the letter case of a blocked file or directory path.” This issue primarily impacts systems with case-insensitive file systems, such as Windows and macOS.
In these environments, attackers can exploit the flaw to access blocked paths by manipulating their letter case. For instance, a restricted file path like resources/admin/credential.txt could be accessed by requesting the file as resources/adMin/credential.txt. The advisory provided a clear example of how this exploit works.
The potential consequences of this vulnerability are significant, particularly for production environments:
- Unauthorized Access: Sensitive files or directories specified in blocked_paths can be accessed by attackers.
- Data Exposure: Critical files, such as configuration files or API keys, may be leaked.
- Broader Compromise: If the exposed files contain credentials, attackers could escalate their privileges or compromise the application’s security model.
The CVE-2025-23042 vulnerability stems from Gradio’s reliance on the is_in_or_equal function to determine file access permissions. However, this function fails to account for case variations in file paths on case-insensitive file systems.
The Gradio team has addressed the issue by introducing case normalization in path validation logic. As per the advisory, “Before evaluating paths against the ACL, normalize the case of both the requested path and the blocked paths (e.g., convert all paths to lowercase).”
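To make the bypass and the fix concrete, the following Python snippet (an added illustration written for this article, not Gradio's own code) models a blocked-path ACL check with and without case normalization. The `_is_in_or_equal` helper is a simplified stand-in for the kind of containment check the advisory refers to, and the `case_insensitive_fs` flag is an assumption used to model Windows/macOS behaviour on any host; the blocked path `resources/admin` and the request paths are constructed for the example.

```python
import posixpath
from pathlib import PurePosixPath

# Constructed ACL for this example: directories the app must never serve.
BLOCKED_PATHS = ["resources/admin"]


def _is_in_or_equal(child: str, parent: str) -> bool:
    """Lexical containment check: is `child` equal to `parent` or beneath it?

    Simplified stand-in for an is_in_or_equal-style helper. It compares path
    components exactly, so 'admin' and 'adMin' are different directories here.
    `..` segments are collapsed first so 'admin/../admin' is not treated as a
    different location.
    """
    c = PurePosixPath(posixpath.normpath(child))
    p = PurePosixPath(posixpath.normpath(parent))
    return c == p or p in c.parents


def is_blocked_vulnerable(requested: str, blocked=BLOCKED_PATHS) -> bool:
    """Pre-fix behaviour: exact-case comparison only.

    On a case-insensitive file system the OS will happily open
    'resources/adMin/credential.txt' as the real admin file, but this check
    never sees it as blocked.
    """
    return any(_is_in_or_equal(requested, b) for b in blocked)


def is_blocked_fixed(requested: str, blocked=BLOCKED_PATHS,
                     case_insensitive_fs: bool = True) -> bool:
    """Post-fix behaviour: fold case on both sides before evaluating the ACL.

    `case_insensitive_fs` is an assumed switch standing in for platform
    detection; when True (Windows/macOS), both the request and every blocked
    entry are lower-cased, so letter-case variants collapse onto one value.
    """
    if case_insensitive_fs:
        requested = requested.lower()
        blocked = [b.lower() for b in blocked]
    return any(_is_in_or_equal(requested, b) for b in blocked)


if __name__ == "__main__":
    for path in ("resources/admin/credential.txt",
                 "resources/adMin/credential.txt",
                 "resources/public/index.html"):
        print(f"{path:40s} vulnerable={is_blocked_vulnerable(path)!s:5s} "
              f"fixed={is_blocked_fixed(path)}")
```

Two points worth noting when applying this pattern elsewhere: lower-casing is conservative on a genuinely case-sensitive file system (a distinct `adMin` directory would also be refused, which is the safe direction to fail), and case folding only addresses this one bypass class; a path ACL still needs its other defences, such as resolving the requested path to a canonical absolute form before comparison.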
The fix ships in Gradio version 5.11.0; users of earlier releases, especially those deployed on Windows or macOS, are strongly urged to update immediately.