VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-t89m-72z1-a3cv

Essentials
Severities (13)
References (6)
Severity details (11)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-t89m-72z1-a3cv
Aliases	CVE-2024-4325 GHSA-973g-55hp-3frw
Summary	Server-Side Request Forgery in gradio A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio and was discovered in version 4.21.0, specifically within the `/queue/join` endpoint and the `save_url_to_cache` function. The vulnerability arises when the `path` value, obtained from the user and expected to be a URL, is used to make an HTTP request without sufficient validation checks. This flaw allows an attacker to send crafted requests that could lead to unauthorized access to the local network or the AWS metadata endpoint, thereby compromising the security of internal servers.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-918	Server-Side Request Forgery (SSRF)
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.65093	https://api.first.org/data/v1/epss?cve=CVE-2024-4325
epss	0.65093	https://api.first.org/data/v1/epss?cve=CVE-2024-4325
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-973g-55hp-3frw
cvssv3.1	8.6	https://github.com/gradio-app/gradio
generic_textual	HIGH	https://github.com/gradio-app/gradio
cvssv3.1	8.6	https://github.com/gradio-app/gradio/pull/8301
generic_textual	HIGH	https://github.com/gradio-app/gradio/pull/8301
cvssv3	8.6	https://huntr.com/bounties/b34f084b-7d14-4f00-bc10-048a3a5aaf88
cvssv3.1	8.6	https://huntr.com/bounties/b34f084b-7d14-4f00-bc10-048a3a5aaf88
generic_textual	HIGH	https://huntr.com/bounties/b34f084b-7d14-4f00-bc10-048a3a5aaf88
ssvc	Track	https://huntr.com/bounties/b34f084b-7d14-4f00-bc10-048a3a5aaf88
cvssv3.1	8.6	https://nvd.nist.gov/vuln/detail/CVE-2024-4325
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2024-4325

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2024-4325
		https://github.com/gradio-app/gradio
		https://github.com/gradio-app/gradio/pull/8301
		https://huntr.com/bounties/b34f084b-7d14-4f00-bc10-048a3a5aaf88
CVE-2024-4325		https://nvd.nist.gov/vuln/detail/CVE-2024-4325
GHSA-973g-55hp-3frw		https://github.com/advisories/GHSA-973g-55hp-3frw

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Found at https://github.com/gradio-app/gradio

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Found at https://github.com/gradio-app/gradio/pull/8301

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Found at https://huntr.com/bounties/b34f084b-7d14-4f00-bc10-048a3a5aaf88

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Found at https://huntr.com/bounties/b34f084b-7d14-4f00-bc10-048a3a5aaf88

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-06T19:32:08Z/ Found at https://huntr.com/bounties/b34f084b-7d14-4f00-bc10-048a3a5aaf88

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-4325

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.98499
EPSS Score	0.65093
Published At	June 6, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-04T16:21:54.015842+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/gradio/CVE-2024-4325.yml	38.6.0