CVE-2025-25185 (GCVE-0-2025-25185)
Vulnerability from cvelistv5
Published
2025-03-03 15:33
Modified
2025-03-03 15:47
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
  • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Summary
GPT Academic provides interactive interfaces for large language models. In 3.91 and earlier, GPT Academic does not properly account for soft links. An attacker can create a malicious file as a soft link pointing to a target file, then package this soft link file into a tar.gz file and upload it. Subsequently, when accessing the decompressed file from the server, the soft link will point to the target file on the victim server. The vulnerability allows attackers to read all files on the server.
References
Impacted products
Vendor Product Version
binary-husky gpt_academic Version: <= 3.91
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-25185",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-03T15:46:39.198477Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-03T15:47:02.444Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "gpt_academic",
          "vendor": "binary-husky",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 3.91"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "GPT Academic provides interactive interfaces for large language models. In 3.91 and earlier, GPT Academic does not properly account for soft links. An attacker can create a malicious file as a soft link pointing to a target file, then package this soft link file into a tar.gz file and upload it. Subsequently, when accessing the decompressed file from the server, the soft link will point to the target file on the victim server. The vulnerability allows attackers to read all files on the server."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-03T15:33:21.272Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/binary-husky/gpt_academic/security/advisories/GHSA-gqp5-wm97-qxcv",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/binary-husky/gpt_academic/security/advisories/GHSA-gqp5-wm97-qxcv"
        },
        {
          "name": "https://github.com/binary-husky/gpt_academic/commit/5dffe8627f681d7006cebcba27def038bb691949",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/binary-husky/gpt_academic/commit/5dffe8627f681d7006cebcba27def038bb691949"
        }
      ],
      "source": {
        "advisory": "GHSA-gqp5-wm97-qxcv",
        "discovery": "UNKNOWN"
      },
      "title": "GPT Academic allows arbitary file read by tarfile uncompress within softlink"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-25185",
    "datePublished": "2025-03-03T15:33:21.272Z",
    "dateReserved": "2025-02-03T19:30:53.399Z",
    "dateUpdated": "2025-03-03T15:47:02.444Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-25185\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-03-03T16:15:42.377\",\"lastModified\":\"2025-03-07T20:43:41.007\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"GPT Academic provides interactive interfaces for large language models. In 3.91 and earlier, GPT Academic does not properly account for soft links. An attacker can create a malicious file as a soft link pointing to a target file, then package this soft link file into a tar.gz file and upload it. Subsequently, when accessing the decompressed file from the server, the soft link will point to the target file on the victim server. The vulnerability allows attackers to read all files on the server.\"},{\"lang\":\"es\",\"value\":\"GPT Academic proporciona interfaces interactivas para modelos de lenguaje de gran tama\u00f1o. En la versi\u00f3n 3.91 y anteriores, GPT Academic no tiene en cuenta correctamente los enlaces simb\u00f3licos. Un atacante puede crear un archivo malicioso como un enlace simb\u00f3lico que apunte a un archivo de destino, luego empaquetar este archivo de enlace simb\u00f3lico en un archivo tar.gz y cargarlo. Posteriormente, al acceder al archivo descomprimido desde el servidor, el enlace simb\u00f3lico apuntar\u00e1 al archivo de destino en el servidor de la v\u00edctima. La vulnerabilidad permite a los atacantes leer todos los archivos del servidor.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-59\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:binary-husky:gpt_academic:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8AF05F1E-8B1A-48EA-8634-57556CACC971\"}]}]}],\"references\":[{\"url\":\"https://github.com/binary-husky/gpt_academic/commit/5dffe8627f681d7006cebcba27def038bb691949\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/binary-husky/gpt_academic/security/advisories/GHSA-gqp5-wm97-qxcv\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"GPT Academic allows arbitary file read by tarfile uncompress within softlink\", \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-59\", \"lang\": \"en\", \"description\": \"CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)\", \"type\": \"CWE\"}]}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"NONE\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"version\": \"3.1\"}}], \"references\": [{\"name\": \"https://github.com/binary-husky/gpt_academic/security/advisories/GHSA-gqp5-wm97-qxcv\", \"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://github.com/binary-husky/gpt_academic/security/advisories/GHSA-gqp5-wm97-qxcv\"}, {\"name\": \"https://github.com/binary-husky/gpt_academic/commit/5dffe8627f681d7006cebcba27def038bb691949\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/binary-husky/gpt_academic/commit/5dffe8627f681d7006cebcba27def038bb691949\"}], \"affected\": [{\"vendor\": \"binary-husky\", \"product\": \"gpt_academic\", \"versions\": [{\"version\": \"\u003c= 3.91\", \"status\": \"affected\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-03-03T15:33:21.272Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"GPT Academic provides interactive interfaces for large language models. In 3.91 and earlier, GPT Academic does not properly account for soft links. An attacker can create a malicious file as a soft link pointing to a target file, then package this soft link file into a tar.gz file and upload it. Subsequently, when accessing the decompressed file from the server, the soft link will point to the target file on the victim server. The vulnerability allows attackers to read all files on the server.\"}], \"source\": {\"advisory\": \"GHSA-gqp5-wm97-qxcv\", \"discovery\": \"UNKNOWN\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-25185\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-03T15:46:39.198477Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-03T15:46:53.117Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-25185\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"GitHub_M\", \"dateReserved\": \"2025-02-03T19:30:53.399Z\", \"datePublished\": \"2025-03-03T15:33:21.272Z\", \"dateUpdated\": \"2025-03-03T15:47:02.444Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.