AVID-2026-R1641

Description

Denial of Service (DoS) by Sending Large Filename at File Upload Endpoint in gradio-app/gradio (CVE-2025-0187)

Details

A Denial of Service (DoS) vulnerability was discovered in the file upload feature of gradio-app/gradio version 0.39.1. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large filename, the server becomes overwhelmed and unresponsive, leading to unavailability for legitimate users.

Reason for inclusion in AVID: CVE-2025-0187 describes a Denial of Service vulnerability in the Gradio library (gradio-app/gradio) via improper handling of large filenames during file uploads. Gradio is a framework used to build and deploy AI apps, so the issue affects software components commonly used in AI pipelines and general-purpose AI systems. This is a software vulnerability with potential impact on availability of AI services, aligning with software supply chain concerns since it resides in a dependency/framework used in AI stacks. The report provides explicit vulnerability details (DoS, resource exhaustion), CVSS metrics, and CWE taxonomy, which together constitute sufficient evidence.

References

• NVD entry
• https://huntr.com/bounties/77f3ed54-9e1c-4d9f-948f-ee6f82e2fe24

Affected or Relevant Artifacts

• Developer: gradio-app
• Deployer: gradio-app
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

CVSS

CWE

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2025-03-20
• Version: 0.3.3
• AVID Entry