CVE-2025-0191

6.5 MEDIUM

📋 TL;DR

A Denial of Service vulnerability in gaizhenbiao/chuanhuchatgpt allows attackers to crash the service by uploading files with excessively long filenames. This affects all users running version 20240914 of the software, making the chat service unavailable to legitimate users.

💻 Affected Systems

Products:
  • gaizhenbiao/chuanhuchatgpt
Versions: Version 20240914
Operating Systems: All platforms running the software
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with file upload functionality enabled and accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service outage: the chat application is unavailable to all users until the service is restarted.

🟠 Likely Case

Temporary service disruption requiring administrator intervention to restart the affected service.

🟢 If Mitigated

No impact if filename length validation is properly implemented.

🌐 Internet-Facing: HIGH - The file upload feature is typically internet-facing and exploitable without authentication.
🏢 Internal Only: MEDIUM - Internal users could still exploit this, but attack surface is reduced.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only sending a specially crafted HTTP request with a large filename parameter.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 20240914

Vendor Advisory: https://huntr.com/bounties/c89a1dfd-a733-41b3-af20-6ef6024361eb

Restart Required: Yes

Instructions:

1. Update to the latest version of gaizhenbiao/chuanhuchatgpt.
2. Restart the application service.
3. Verify the fix by testing file upload functionality.

🔧 Temporary Workarounds

Filename Length Restriction

all

Implement server-side validation to limit filename length before processing.

# In your file upload handler, add: if len(filename) > 255: return error
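
The length check sketched above, written out as an added example (not ChuanhuChatGPT's own code, and not the vendor's patch). The function names, the `(status, message)` return shape and the `store` dict are assumptions for illustration; the example also goes slightly beyond the one-line check by measuring UTF-8 bytes rather than characters and by keeping only the final path component.

```python
import os

MAX_FILENAME_BYTES = 255  # limit taken from the workaround above


class FilenameRejected(ValueError):
    """Raised when a client-supplied filename fails validation."""


def validate_upload_filename(raw_name, max_bytes=MAX_FILENAME_BYTES):
    """Return a safe base name, or raise FilenameRejected.

    The length check runs first, on the raw value, so an oversized name is
    never split, logged in full, or passed to the filesystem.
    """
    if not isinstance(raw_name, str) or not raw_name:
        raise FilenameRejected("missing filename")
    # Measure encoded bytes, not characters: a name made of multi-byte
    # characters can exceed a byte limit while len() still looks small.
    if len(raw_name.encode("utf-8", errors="replace")) > max_bytes:
        raise FilenameRejected("filename too long")
    # Keep only the final path component, whichever separator was sent.
    name = os.path.basename(raw_name.replace("\\", "/"))
    if name in ("", ".", "..") or any(ord(c) < 32 for c in name):
        raise FilenameRejected("invalid filename")
    return name


def handle_upload(raw_name, data, store):
    """Hypothetical handler: validate first, then hand off to storage."""
    try:
        name = validate_upload_filename(raw_name)
    except FilenameRejected as exc:
        return 400, str(exc)   # rejected before any further processing
    store[name] = data         # stand-in for writing the file to disk
    return 200, name
```

Call the validator at the top of the real upload handler, before the filename reaches any path-building, logging or storage code.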

Disable File Upload

all

Temporarily disable the vulnerable file upload feature if not essential.

# Comment out or remove file upload routes in your application

🧯 If You Can't Patch

  • Implement a web application firewall (WAF) rule to block requests with excessively long filenames
  • Rate limit file upload requests to prevent rapid exploitation

🔍 How to Verify

Check if Vulnerable:

Attempt to upload a file with a filename exceeding 1000 characters and observe whether the service becomes unresponsive.

Check Version:

Check the application version in the interface or configuration files

Verify Fix Applied:

Test file upload with long filenames and verify the service remains responsive and returns appropriate error messages.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed file upload attempts with long filenames
  • Service restart events following file upload attempts

Network Indicators:

  • HTTP POST requests to upload endpoints with unusually long Content-Disposition headers
  • Increased error rate from file upload endpoints

SIEM Query:

source="web_server" AND uri_path="/upload" AND content_length>10000
