CVE-2025-50736 is a low-severity open redirect in PDFMathTranslate (pdf2zh v1.9.9), a Gradio-based AI tool for PDF translation. The risk is primarily phishing: attackers can craft URLs using your organization's trusted ML tool domain to redirect users to attacker-controlled sites. If your teams use this tool (common in research, legal, or financial document workflows), update to a patched version or disable public-facing access until a patch is available.
Risk Assessment
Low inherent CVSS severity, but contextual risk elevates in enterprise AI deployments. EPSS of 0.00049 indicates low active exploitation probability. The primary threat vector is social engineering via trusted-domain abuse — users clicking links from a known internal ML tool domain have lower suspicion thresholds. Risk increases if the Gradio endpoint is internet-facing or if the tool is used in sensitive document processing workflows (legal, finance, research). No patch currently listed.
Affected Systems
| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| pdf2zh | pip | = 1.9.9 | No patch |
Do you use pdf2zh 1.9.9? You're affected.
Recommended Action
6 steps:
1. Audit deployments of pdf2zh v1.9.9: check pip-installed packages across ML workstations, Docker containers, and internal tooling.
2. Restrict /gradio_api endpoint access via network controls (WAF rules blocking open redirect patterns, IP allowlisting).
3. If no patch is available, disable public-facing access or implement URL parameter validation at the reverse proxy layer.
4. Monitor access logs for /gradio_api?file= requests whose parameter value points to an external domain.
5. Brief security awareness teams on phishing campaigns leveraging this redirect vector.
6. Track GitHub Advisory GHSA-pfrv-63w8-q7rq for patch availability.
CISA SSVC Assessment
Source: CISA Vulnrichment (SSVC v2.0). Decision based on the CISA Coordinator decision tree.
Frequently Asked Questions
What is CVE-2025-50736?
CVE-2025-50736 is a low-severity open redirect in PDFMathTranslate (pdf2zh v1.9.9), a Gradio-based AI tool for PDF translation. The risk is primarily phishing: attackers can craft URLs using your organization's trusted ML tool domain to redirect users to attacker-controlled sites. If your teams use this tool (common in research, legal, or financial document workflows), update to a patched version or disable public-facing access until a patch is available.
Is CVE-2025-50736 actively exploited?
No confirmed active exploitation of CVE-2025-50736 has been reported, but organizations should still patch proactively.
How to fix CVE-2025-50736?
1. Audit deployments of pdf2zh v1.9.9: check pip-installed packages across ML workstations, Docker containers, and internal tooling.
2. Restrict /gradio_api endpoint access via network controls (WAF rules blocking open redirect patterns, IP allowlisting).
3. If no patch is available, disable public-facing access or implement URL parameter validation at the reverse proxy layer.
4. Monitor access logs for /gradio_api?file= requests whose parameter value points to an external domain.
5. Brief security awareness teams on phishing campaigns leveraging this redirect vector.
6. Track GitHub Advisory GHSA-pfrv-63w8-q7rq for patch availability.
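The following is an added example, not code from pdf2zh, Gradio or this advisory's author. It covers steps 3 and 4 of the recommended actions (listed under Recommended Action above and repeated in this answer): an allowlist check for the `file` parameter that a reverse proxy or middleware layer can apply, and a scanner that flags /gradio_api?file= requests in access logs whose value points off-host. It assumes combined-format access logs and that legitimate `file` values are local paths under /tmp/gradio/ (an assumed deployment value); the log lines and the attacker-phishing-site.example host are constructed.

```python
"""Added example for this advisory (not pdf2zh's or Gradio's own code).

Two defensive pieces for the /gradio_api?file= open-redirect pattern:
  * is_external_target / validate_file_param: the allowlist check a reverse
    proxy or middleware layer can apply to the `file` parameter (step 3).
  * find_redirect_attempts: an access-log scanner that flags requests whose
    `file` value points off-host (step 4).
Assumptions not taken from the advisory: combined-format access logs, and
legitimate `file` values being local paths under /tmp/gradio/.
"""
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines; the attacker host is invented.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2025:10:01:02 +0000] "GET /gradio_api?file=/tmp/gradio/out/translated.pdf HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.7 - - [12/Mar/2025:10:01:09 +0000] "GET /gradio_api?file=https://attacker-phishing-site.example/login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.0.7 - - [12/Mar/2025:10:01:15 +0000] "GET /gradio_api?file=//attacker-phishing-site.example/login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Mar/2025:10:02:00 +0000] "GET /gradio_api?file=https%3A%2F%2Fattacker-phishing-site.example%2Fsso HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Mar/2025:10:02:30 +0000] "GET /gradio_api/info HTTP/1.1" 200 812 "-" "Mozilla/5.0"
"""

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Assumed deployment value: where the app writes the files it legitimately serves.
ALLOWED_PREFIXES = ("/tmp/gradio/",)


def is_external_target(value: str) -> bool:
    """Return True if a `file` value would send the browser off-host.

    Catches absolute URLs with any scheme (https:, javascript:, ...),
    scheme-relative //host forms, and backslash variants that browsers
    normalise to forward slashes. Percent-encoding is decoded first so an
    encoded "https%3A%2F%2F" is seen as "https://". Unparseable values are
    treated as external (fail closed).
    """
    decoded = unquote(value).strip().replace("\\", "/")
    if decoded.startswith("//"):
        return True
    try:
        parts = urlsplit(decoded)
    except ValueError:
        return True
    return bool(parts.scheme) or bool(parts.netloc)


def validate_file_param(value: str, allowed_prefixes=ALLOWED_PREFIXES) -> bool:
    """Allowlist check for the proxy/middleware layer.

    Accepts only local paths under a known output directory; anything that
    resolves off-host, or escapes that directory via "..", is rejected.
    """
    if is_external_target(value):
        return False
    normalised = posixpath.normpath(unquote(value))
    return any(normalised.startswith(prefix) for prefix in allowed_prefixes)


def find_redirect_attempts(log_text: str):
    """Scan access-log text for /gradio_api requests whose `file` parameter
    points off-host. Returns a list of (client_ip, decoded_file_value)."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group("target"))
        if target.path != "/gradio_api":
            continue
        # parse_qs percent-decodes the values for us.
        for file_value in parse_qs(target.query).get("file", []):
            if is_external_target(file_value):
                client_ip = line.split(" ", 1)[0]
                hits.append((client_ip, file_value))
    return hits


if __name__ == "__main__":
    for ip, target in find_redirect_attempts(SAMPLE_LOG):
        print(f"possible open-redirect use from {ip}: file={target}")
```

Run it directly to print the flagged requests in the sample log; in a deployment, feed the proxy's access log through find_redirect_attempts and gate the parameter with validate_file_param before the request reaches the app. The allowlist rejects any value carrying a scheme or host, so percent-encoded and scheme-relative forms are caught without maintaining a blocklist of redirect patterns.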
What systems are affected by CVE-2025-50736?
This vulnerability affects the following AI/ML architecture patterns: model serving, ML UI deployments, and Gradio-based inference frontends.
What is the CVSS score for CVE-2025-50736?
No CVSS score has been assigned yet.
Technical Details
NVD Description
An open redirect vulnerability exists in Byaidu PDFMathTranslate v1.9.9 that allows attackers to craft URLs that cause the application to redirect users to arbitrary external websites via the file parameter to the /gradio_api endpoint. This vulnerability could be exploited for phishing attacks or to bypass security filters.
Exploitation Scenario
An attacker discovers an organization's internal or public-facing PDFMathTranslate deployment (common in research institutions, law firms, or financial services using AI for document translation). They craft a URL: https://[org-ml-tool-domain]/gradio_api?file=https://attacker-phishing-site.com/login. The URL is embedded in a spearphishing email targeting researchers or document processing staff — the legitimate organizational domain in the link lowers suspicion. Users click, get transparently redirected to a credential-harvesting site mimicking the organization's SSO login. This pattern is particularly effective when combined with prior recon of the organization's ML tooling stack.
Related Vulnerabilities
- CVE-2026-21858 (10.0) n8n: Input Validation flaw enables exploitation (same attack type: Auth Bypass)
- GHSA-vvpj-8cmc-gx39 (10.0) picklescan: security flaw enables exploitation (same attack type: Auth Bypass)
- CVE-2025-53767 (10.0) Azure OpenAI: SSRF EoP, no auth required (CVSS 10) (same attack type: Auth Bypass)
- CVE-2025-2828 (10.0) LangChain RequestsToolkit: SSRF exposes cloud metadata (same attack type: Auth Bypass)
- CVE-2026-26030 (10.0) semantic-kernel: Code Injection enables RCE (same attack type: Auth Bypass)