CVE-2025-50736: Byaidu PDFMathTranslate vulnerable to open redirect

October 30, 2025

An open redirect vulnerability exists in Byaidu PDFMathTranslate v1.9.9 that allows attackers to craft URLs that cause the application to redirect users to arbitrary external websites via the file parameter to the /gradio_api endpoint. This vulnerability could be exploited for phishing attacks or to bypass security filters.

References

github.com/Byaidu/PDFMathTranslate
github.com/advisories/GHSA-pfrv-63w8-q7rq
github.com/fai1424/Vulnerability-Research/tree/main/CVE-2025-50736
hackmd.io/@fai1424/SJz7ttVWxe
nvd.nist.gov/vuln/detail/CVE-2025-50736
pdf2zh.com/

Code Behaviors & Features

Detect and mitigate CVE-2025-50736 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →