We want to address attribution oversights in several of our CVE disclosures and properly credit the original researchers for those findings.
Earlier this year, we used our AI SAST tool to scan GitHub and find vulnerabilities in open-source repositories. For all findings by Gecko, we worked directly with the maintainers to develop and release fixes. We've since learned that some of our findings had already been discovered first by other researchers on separate bug bounty platforms, with one already having a CVE assigned but no public fix released. At the time of our disclosures, neither we nor the maintainers were aware of any prior reports. We scanned the latest versions of the code and only checked GitHub and CNA advisories, not other bounty platforms, which was an oversight on our part.
These were independent discoveries made through our automated scanning process. It's disappointing that claims have been made characterizing this as stolen or malicious research, and we reject claims that PoCs have been copied verbatim.
We take full responsibility for this mistake and have already updated all attributions to properly credit FuzzingLabs and Michael Keines as the original finders of the CVEs. We accidentally listed the same earlier publication date (Jan 15, 2025) for all our findings, which led to a misunderstanding. None of the findings were backdated, as the public PRs and disclosure receipts with maintainers in the timeline below show the real dates.
We value security researchers and their contributions. For the duplicate findings that were submitted to bounty platforms but not approved, we're committed to making payouts directly to the original researchers.
Below is our disclosure process and timeline, with attribution updates, for the affected CVEs that turned out to be duplicate findings:
CVE-2025-48889: Gradio - Unauthorized File Copy via Path Manipulation
- FuzzingLabs first found this vulnerability in version 5.12.0 and submitted it on Huntr, which was made public on May 1, 2025.
- Gecko found the same vulnerability in version 5.25.2, and we reported this to the Gradio maintainers on GitHub on May 12, 2025.
- At the time of our submission, maintainers and CVE authorities were not aware of the prior Huntr report.
- We proceeded to work with the maintainers for 10 days to release a fix for the vulnerability in Gradio version 5.31.0.
- We’ve since updated attribution credits to FuzzingLabs as the original finders.
CVE-2025-51471: Ollama - Cross-Domain Authentication Token Exposure
- FuzzingLabs first found this vulnerability, and their submission was made public on March 1, 2025.
- Gecko found the same vulnerability in version 0.6.7, and we reported this to the Ollama maintainers on May 16th.
- The maintainers didn’t respond, but GitHub assigned it a CVE on July 22, 2025.
- We’ve since updated the attribution credits to FuzzingLabs as the original finders.
Our scanning pipeline uses a database of known CVEs for each repository to help generate PoCs. For Ollama, this database included CVE-2024-12886, a different Ollama vulnerability that FuzzingLabs had previously discovered. All of FuzzingLabs' Ollama PoCs use specific fingerprints including StatusTeapot response codes and similar header structures. When Gecko generated the PoC for our CVE (CVE-2025-51471), it referenced CVE-2024-12886 as a pattern. This is why our PoC contains the same fingerprints as FuzzingLabs' work.
We take responsibility for not verifying whether our generated PoC overlapped with existing public research before publishing it. This was a significant gap in our process that we should have caught.
CVE-2025-51459: DB-GPT - RCE in Plugin Upload System
- This vulnerability (CVE-2024-10902) was first reported through Huntr, and the CVE was assigned on March 20, 2025, for version 0.6.0.
- The maintainers were unaware of this issue, and no fix had been implemented.
- Gecko discovered this vulnerability in version 0.7.0 and reported it on April 23, 2025, working directly with the maintainers to release a fix.
- A duplicate CVE (CVE-2025-51459) was later assigned on July 22, 2025. We’ve since requested the duplicate CVE be withdrawn.
CVE-2025-54381: BentoML - SSRF in File Upload Processing
- This vulnerability was first reported on Huntr a year earlier for version 1.2.19 but was rejected as informative.
- Gecko found the same issue in version 1.4.0 and reported it to the maintainers on July 7, 2025, working with them to release a fix.
- GitHub assigned a new CVE on July 24, rated Critical (9.9/10).
CVE-2025-51480: ONNX - AFO in External Data Function
- Researcher Michael Keines originally found this vulnerability and submitted it through Huntr, which was made public on April 1, 2025.
- Gecko found the same issue and reported it to the maintainers on June 9, 2025, with a CVE issued on July 22, 2025.
- We’ve since updated attribution to Michael as the original finder.
Our disclosures were made in good faith, and we'll maintain that approach. We've implemented cross-platform verification for proper attribution and will continue working directly with maintainers to ensure fixes get released.
