CVE-2024-47168: Gradio: monitoring endpoint bypass leaks app analytics

GHSA-hm3c-93pg-4cxw MEDIUM
Published October 10, 2024

CISO Take

Gradio deployments with enable_monitoring=False are silently exposing the /monitoring dashboard to any authenticated user — your assumption of privacy is wrong. This affects internal ML demo platforms and model-serving UIs where analytics data (query volumes, usage patterns, user behavior) may be considered sensitive. Upgrade to gradio>=4.44.0 immediately; there are no workarounds.

Risk Assessment

Risk is moderate-low in isolation but elevated in enterprise ML environments where Gradio instances serve internal models or handle sensitive query patterns. CVSS 4.3 reflects low-privilege network access with no interaction required — any authenticated user can exploit this. The real exposure depends on what the monitoring dashboard reveals: model usage metrics, query rates, and user analytics could aid reconnaissance of AI system behavior. Not actively exploited and not in KEV, but the trust violation (disabled flag = still exposed) is operationally significant.

Affected Systems

Package | Ecosystem | Vulnerable Range | Patched
gradio | pip | | No patch
gradio | pip | < 4.44.0 | 4.44.0

Package profile (gradio): 42.5K, OpenSSF 5.5, 679 dependents, pushed 2d ago, 27% patched, ~110d to patch

Severity & Risk

CVSS 3.1: 4.3 / 10
EPSS: 0.2% chance of exploitation in 30 days (higher than 36% of all CVEs)
Exploitation Status: No known exploitation
Sophistication: Trivial

Attack Surface

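AV (Attack Vector): Network
AC (Attack Complexity): Low
PR (Privileges Required): Low
UI (User Interaction): None
S (Scope): Unchanged
C (Confidentiality): Low
I (Integrity): None
A (Availability): None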

Recommended Action

  1. Upgrade to gradio>=4.44.0 immediately — this is the only fix, no workarounds exist per the advisory.

  2. Audit all Gradio instances in your environment: run 'pip show gradio' to check versions.

  3. If immediate upgrade is blocked, place a WAF or reverse proxy rule blocking direct access to the /monitoring path.

  4. Review access logs for unauthorized hits to /monitoring on affected versions.

  5. Treat monitoring data exposed during the vulnerability window as potentially compromised — assess what was visible.
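
Steps 2 and 4 above as an added example, not code from the advisory or from the Gradio project: a version triage against the patched release and a review of proxy access logs for served requests to /monitoring. The log layout (combined format with the authenticated user in the third field) and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

FIXED = (4, 44, 0)  # first patched gradio release named on this page

# Constructed sample: proxy access log, combined format, auth user in field 3.
SAMPLE_LOG = """\
10.0.0.5 - alice [09/Oct/2024:10:01:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.7 - bob [09/Oct/2024:10:03:11 +0000] "GET /monitoring HTTP/1.1" 200 18234 "-" "Mozilla/5.0"
10.0.0.7 - bob [09/Oct/2024:10:03:15 +0000] "GET /monitoring/x?y=1 HTTP/1.1" 200 901 "-" "Mozilla/5.0"
10.0.0.9 - - [09/Oct/2024:10:04:00 +0000] "GET /monitoring HTTP/1.1" 401 0 "-" "Mozilla/5.0"
10.0.0.5 - alice [09/Oct/2024:10:05:40 +0000] "GET /monitoring-docs HTTP/1.1" 200 77 "-" "Mozilla/5.0"
"""

LINE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')


def is_affected(version):
    """True if a gradio version string is below 4.44.0 (suffixes like rc1 ignored)."""
    parts = [int(p) for p in re.findall(r"\d+", version)[:3]]
    parts += [0] * (3 - len(parts))
    return tuple(parts) < FIXED


def monitoring_hits(log_text):
    """Return (ip, user, target, status) for requests to /monitoring that were served."""
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # Compare the path only: drop the query string and a trailing slash,
        # and do not match look-alike prefixes such as /monitoring-docs.
        path = m["target"].split("?", 1)[0].rstrip("/")
        on_route = path == "/monitoring" or path.startswith("/monitoring/")
        if on_route and m["status"].startswith("2"):
            hits.append((m["ip"], m["user"], m["target"], int(m["status"])))
    return hits


def hits_by_user(log_text):
    """Count served /monitoring requests per authenticated user."""
    return Counter(hit[1] for hit in monitoring_hits(log_text))


if __name__ == "__main__":
    print("gradio 4.43.2 affected:", is_affected("4.43.2"))
    for hit in monitoring_hits(SAMPLE_LOG):
        print(hit)
    print(dict(hits_by_user(SAMPLE_LOG)))
```

Pass is_affected the Version field reported by 'pip show gradio', and run monitoring_hits over logs covering the period each instance ran an affected version.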

CISA SSVC Assessment

Decision: Track
Exploitation: none
Automatable: No
Technical Impact: partial

Source: CISA Vulnrichment (SSVC v2.0). Decision based on the CISA Coordinator decision tree.

Classification

Compliance Impact

This CVE is relevant to:

EU AI Act: Article 12 - Record-keeping and logging
ISO 42001: 8.4 - AI system risk controls; 9.1 - Monitoring, measurement, analysis and evaluation
NIST AI RMF: GOVERN-6.1 - Policies and procedures are in place for AI risk management; MANAGE-2.2 - Mechanisms are in place for AI risks to be tracked
OWASP LLM Top 10: LLM02 - Sensitive Information Disclosure

Frequently Asked Questions

What is CVE-2024-47168?

Gradio deployments with enable_monitoring=False are silently exposing the /monitoring dashboard to any authenticated user — your assumption of privacy is wrong. This affects internal ML demo platforms and model-serving UIs where analytics data (query volumes, usage patterns, user behavior) may be considered sensitive. Upgrade to gradio>=4.44.0 immediately; there are no workarounds.

Is CVE-2024-47168 actively exploited?

No confirmed active exploitation of CVE-2024-47168 has been reported, but organizations should still patch proactively.

How to fix CVE-2024-47168?

  1. Upgrade to gradio>=4.44.0 immediately — this is the only fix, no workarounds exist per the advisory.

  2. Audit all Gradio instances in your environment: run 'pip show gradio' to check versions.

  3. If immediate upgrade is blocked, place a WAF or reverse proxy rule blocking direct access to the /monitoring path.

  4. Review access logs for unauthorized hits to /monitoring on affected versions.

  5. Treat monitoring data exposed during the vulnerability window as potentially compromised — assess what was visible.

What systems are affected by CVE-2024-47168?

This vulnerability affects the following AI/ML architecture patterns: model serving, ML demo platforms, internal AI tooling.

What is the CVSS score for CVE-2024-47168?

CVE-2024-47168 has a CVSS v3.1 base score of 4.3 (MEDIUM). The EPSS exploitation probability is 0.16%.

Technical Details

NVD Description

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves data exposure due to the enable_monitoring flag not properly disabling monitoring when set to False. Even when monitoring is supposedly disabled, an attacker or unauthorized user can still access the monitoring dashboard by directly requesting the /monitoring endpoint. This means that sensitive application analytics may still be exposed, particularly in environments where monitoring is expected to be disabled. Users who set enable_monitoring=False to prevent unauthorized access to monitoring data are impacted. Users are advised to upgrade to gradio>=4.44 to address this issue. There are no known workarounds for this vulnerability.

Exploitation Scenario

An attacker with low-privilege authenticated access to a Gradio-powered ML interface (e.g., a standard user account on an internal model demo) directly navigates to the /monitoring endpoint. Despite the operator having set enable_monitoring=False — believing access was disabled — the endpoint responds with full application analytics. The attacker harvests query volume data, user interaction patterns, and usage metrics. In a competitive intelligence or insider threat scenario, this data reveals which models are actively used, query frequency, and operational patterns of the AI system without triggering any alerts since the access appears legitimate.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Timeline

Published: October 10, 2024
Last Modified: January 21, 2025
First Seen: October 10, 2024

Related Vulnerabilities