CVE-2025-50736 — Byaidu PDFMathTranslate vulnerable to open redirect

Description

An open redirect vulnerability exists in Byaidu PDFMathTranslate v1.9.9 that allows attackers to craft URLs that cause the application to redirect users to arbitrary external websites via the file parameter to the /gradio_api endpoint. This vulnerability could be exploited for phishing attacks or to bypass security filters.

How to fix CVE-2025-50736

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

PyPI/pdf2zh—no fix listed

Is CVE-2025-50736 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P

References (5)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2025-50736
PATCHgithub.com/Byaidu/PDFMathTranslate
WEBgithub.com/fai1424/Vulnerability-Research/tree/main/CVE-2025-50736
WEBhackmd.io/@fai1424/SJz7ttVWxe
WEBpdf2zh.com