CVE-2025-50736

GHSA-pfrv-63w8-q7rq LOW
Published October 30, 2025
CISO Take

CVE-2025-50736 is a low-severity open redirect in PDFMathTranslate (pdf2zh v1.9.9), a Gradio-based AI tool for PDF translation. The risk is primarily phishing: an attacker can craft a link on your organization's trusted ML-tool domain that sends users to an attacker-controlled site. If your teams use this tool (common in research, legal, or financial document workflows), disable public-facing access or validate the file parameter at the reverse proxy until a patched version is available; at the time of writing none is listed.

Affected Systems

Package   Ecosystem   Vulnerable Range   Patched
pdf2zh    pip         = 1.9.9            No patch

If you run pdf2zh 1.9.9, you are affected; no patched version is listed in the advisory.

Severity & Risk

CVSS 3.1
N/A
EPSS
0.0% (chance of exploitation in 30 days)
KEV Status
Not in KEV
Sophistication
Trivial

Recommended Action

1. Audit deployments of pdf2zh v1.9.9: check pip-installed packages across ML workstations, Docker containers, and internal tooling.
2. Restrict access to the /gradio_api endpoint via network controls (WAF rules blocking open redirect patterns, IP allowlisting).
3. Since no patch is listed, disable public-facing access or validate the file parameter at the reverse proxy layer, rejecting absolute and protocol-relative URLs.
4. Monitor access logs for /gradio_api?file= requests whose file value points to an external domain.
5. Brief security awareness teams on phishing campaigns that use this redirect vector.
6. Track GitHub Advisory GHSA-pfrv-63w8-q7rq for patch availability.

Classification

Compliance Impact

This CVE is relevant to:

EU AI Act
Article 15 - Accuracy, robustness and cybersecurity
ISO 42001
A.6.2.6 - AI system security testing
NIST AI RMF
GOVERN 6.2 - Policies and procedures are in place to address AI risks and trustworthiness
OWASP LLM Top 10
LLM07 - Insecure Plugin Design

Technical Details

NVD Description

An open redirect vulnerability exists in Byaidu PDFMathTranslate v1.9.9 that allows attackers to craft URLs that cause the application to redirect users to arbitrary external websites via the file parameter to the /gradio_api endpoint. This vulnerability could be exploited for phishing attacks or to bypass security filters.

Exploitation Scenario

An attacker discovers an organization's internal or public-facing PDFMathTranslate deployment (common in research institutions, law firms, or financial services using AI for document translation). They craft a URL: https://[org-ml-tool-domain]/gradio_api?file=https://attacker-phishing-site.com/login. The URL is embedded in a spearphishing email targeting researchers or document processing staff; the legitimate organizational domain in the link lowers suspicion. Users who click are silently redirected to a credential-harvesting site mimicking the organization's SSO login. This pattern is particularly effective when combined with prior reconnaissance of the organization's ML tooling stack.
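As an added example (not code from the pdf2zh project, from Gradio, or from this advisory), the following Python helper does what items 3 and 4 of the Recommended Action describe: it classifies a file parameter value as off-host (absolute URL, protocol-relative URL, userinfo trick, or double percent-encoding), gives the allow/block decision a reverse proxy rule would make, and runs the same check over access-log lines containing the crafted URL from the scenario above. The hostname ml-tools.example.org, the log format, the log lines, and the path-style /gradio_api/file= spelling are assumptions made for the example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed hostname of the trusted deployment; not taken from the advisory.
TRUSTED_HOST = "ml-tools.example.org"

# Combined-style access log line (constructed format for this example).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def fully_unquote(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding; double-encoding is a common filter bypass."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def file_param_is_external(value, trusted_host=TRUSTED_HOST):
    """True when a `file` value would send the browser somewhere other than trusted_host."""
    v = fully_unquote(value).strip().replace("\\", "/")  # browsers treat \ as / in the authority
    if v.startswith("//"):
        return True                      # protocol-relative URL, e.g. //evil.example/login
    parts = urlsplit(v)
    if not parts.scheme:
        return False                     # plain relative or local path: what the endpoint expects
    if not parts.netloc:
        return True                      # scheme with no host (javascript:, data:, https:evil) is not a file
    host = parts.hostname or ""          # hostname strips userinfo, so trusted@evil resolves to evil
    return host.lower() != trusted_host.lower()


def extract_file_param(target):
    """Pull the `file` value from a request target of the form /gradio_api?file=... (as in the advisory)."""
    parts = urlsplit(target)
    if not parts.path.startswith("/gradio_api"):
        return None
    qs = parse_qs(parts.query, keep_blank_values=True)
    if "file" in qs:
        return qs["file"][0]
    # Assumed alternative spelling: path-style /gradio_api/file=<value>.
    m = re.match(r"^/gradio_api/file=(.*)$", parts.path)
    return m.group(1) if m else None


def proxy_decision(target, trusted_host=TRUSTED_HOST):
    """Decision a reverse-proxy rule would make for one request target: 'block' or 'allow'."""
    value = extract_file_param(target)
    if value is not None and file_param_is_external(value, trusted_host):
        return "block"
    return "allow"


def find_redirect_abuse(log_lines, trusted_host=TRUSTED_HOST):
    """Return (client_ip, status, decoded_file_value) for requests whose file value points off-host."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        value = extract_file_param(m.group("target"))
        if value is not None and file_param_is_external(value, trusted_host):
            hits.append((m.group("ip"), int(m.group("status")), fully_unquote(value)))
    return hits


# Constructed sample log lines: three abuse attempts (plain, protocol-relative, double-encoded)
# followed by legitimate traffic that must not be flagged.
SAMPLE_LOG = [
    '203.0.113.7 - - [30/Oct/2025:10:01:02 +0000] "GET /gradio_api?file=https://attacker-phishing-site.com/login HTTP/1.1" 302 0',
    '198.51.100.9 - - [30/Oct/2025:10:01:05 +0000] "GET /gradio_api?file=%2F%2Fattacker-phishing-site.com%2Flogin HTTP/1.1" 302 0',
    '198.51.100.9 - - [30/Oct/2025:10:01:09 +0000] "GET /gradio_api?file=https%253A%252F%252Fattacker-phishing-site.com%252Flogin HTTP/1.1" 302 0',
    '192.0.2.4 - - [30/Oct/2025:10:02:00 +0000] "GET /gradio_api?file=/tmp/gradio/3f2a/paper.pdf HTTP/1.1" 200 48213',
    '192.0.2.4 - - [30/Oct/2025:10:02:30 +0000] "GET /gradio_api?file=https://ml-tools.example.org/static/logo.png HTTP/1.1" 200 1024',
    '192.0.2.5 - - [30/Oct/2025:10:03:00 +0000] "POST /gradio_api/upload HTTP/1.1" 200 12',
]

if __name__ == "__main__":
    for ip, status, value in find_redirect_abuse(SAMPLE_LOG):
        print(f"{ip} status={status} file={value}")
```

The same predicate serves both controls: at the proxy it turns a crafted link into a 403 before the application ever sees it, and over historical logs it surfaces the clients that tried, including the percent-encoding variants a naive string match on "https://" would miss.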

Timeline

Published
October 30, 2025
Last Modified
October 30, 2025
First Seen
March 24, 2026