cvedb.io
CVE-2025-25185
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2025-03-03T16:15:42.377 · Last modified 2026-06-17T09:00:26.660

Summary

GPT Academic provides interactive interfaces for large language models. In 3.91 and earlier, GPT Academic does not properly account for soft links. An attacker can create a malicious file as a soft link pointing to a target file, then package this soft link file into a tar.gz file and upload it. Subsequently, when accessing the decompressed file from the server, the soft link will point to the target file on the victim server. The vulnerability allows attackers to read all files on the server.

Affected products

binary-husky — gpt_academic

Does this affect you?

Add your gear to cvedb and we'll alert you only when binary-husky ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.