Symbolic Link Vulnerability in GPT Academic by Binary Husky
CVE-2025-25185

7.5 HIGH

Key Information:

Vendor
CVE Published: 3 March 2025

What is CVE-2025-25185?

GPT Academic versions 3.91 and earlier mishandle soft links (symbolic links) in uploaded archives. An attacker can create a malicious soft link that points to a target file, package the link into a tar.gz file, and upload it. When the server decompresses the archive, the soft link references the target file on the server, which allows the attacker to read any file on the server without authorization. This vulnerability poses substantial security risks, particularly in environments where sensitive data is handled.
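A defensive sketch of archive handling for the upload path described above: every member is vetted before anything is written, and link members are refused. This is an added example, not GPT Academic's code or its fix; the names `safe_extract_tar_gz`, `check_member`, `UnsafeArchiveError` and `build_sample_archive` are hypothetical, and the sample archive is constructed in memory.

```python
import io
import os
import tarfile

class UnsafeArchiveError(Exception):
    """An uploaded archive contains a member we refuse to extract."""

def check_member(member: tarfile.TarInfo, dest_root: str) -> None:
    # Accept only plain files and directories; symlinks, hard links,
    # devices and FIFOs are rejected outright.
    if not (member.isfile() or member.isdir()):
        raise UnsafeArchiveError(f"non-regular member rejected: {member.name!r}")
    # Resolve the would-be path and require it to stay under dest_root.
    target = os.path.realpath(os.path.join(dest_root, member.name))
    if os.path.commonpath([dest_root, target]) != dest_root:
        raise UnsafeArchiveError(f"path escapes destination: {member.name!r}")

def safe_extract_tar_gz(fileobj, dest: str) -> list:
    """Validate every member first, then extract; returns extracted names."""
    dest_root = os.path.realpath(dest)
    os.makedirs(dest_root, exist_ok=True)
    # Use the stdlib "data" extraction filter where this Python provides it.
    kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(fileobj=fileobj, mode="r:gz") as tar:
        members = tar.getmembers()
        for m in members:
            check_member(m, dest_root)  # nothing is written until all pass
        for m in members:
            tar.extract(m, dest_root, **kwargs)
        return [m.name for m in members]

def build_sample_archive(with_symlink: bool) -> io.BytesIO:
    """Constructed input: one text file, optionally one symlink member."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        data = b"hello\n"
        info = tarfile.TarInfo("notes/readme.txt")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
        if with_symlink:
            link = tarfile.TarInfo("notes/link")
            link.type = tarfile.SYMTYPE
            link.linkname = "/placeholder/target"  # constructed placeholder
            tar.addfile(link)
    buf.seek(0)
    return buf
```

Validating the full member list before the first write means a rejected archive leaves nothing behind in the upload directory.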

Affected Version(s)

gpt_academic <= 3.91

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
