CVE-2025-25185

7.5 HIGH

📋 TL;DR

CVE-2025-25185 is a path traversal (symlink-following) vulnerability in GPT Academic that lets an attacker who can upload files read arbitrary files on the server. The application extracts uploaded tar.gz archives without checking for symbolic links, so an archive member that is a symlink to, say, an SSH key or a configuration file is recreated as-is in the upload directory; when the application then opens the "uploaded" file it follows the link and returns the target's contents. GPT Academic 3.91 and earlier are affected; 3.92 contains the fix.

💻 Affected Systems

Products:
  • GPT Academic
Versions: 3.91 and earlier
Operating Systems: Linux, Unix-based systems
Default Config Vulnerable: ⚠️ Yes
Notes: The same extraction code runs on Windows, but the attack depends on the service account being allowed to create symbolic links (SeCreateSymbolicLinkPrivilege or Developer Mode). Without that, Python's tarfile cannot create the link and extraction does not produce it, so Windows hosts are far less exposed than Linux ones; a Windows deployment running with that privilege is exposed in the same way.

📦 What is this software?

GPT Academic (binary-husky/gpt_academic on GitHub) is an open-source, Gradio-based web interface for working with large language models on academic tasks such as reading, translating and polishing papers. Its chat-style UI lets users upload documents and archives (including tar.gz) for the model to process; the archive-extraction step behind that upload feature is where this vulnerability sits.

Recommended Actions:
  1. Review the CVE entry at NVD and the vendor advisory (GHSA-gqp5-wm97-qxcv) linked below
  2. Confirm the deployed version (see "How to Verify")
  3. If it is 3.91 or earlier, update to 3.92 or apply the fix commit; until then, apply the workarounds below

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete server compromise through reading sensitive files like SSH keys, configuration files, database credentials, and system files, potentially leading to lateral movement and data exfiltration.

🟠

Likely Case

Unauthorized reading of sensitive application files, configuration data, and potentially user data stored on the server.

🟢

If Mitigated

Limited impact with proper file permissions and isolation, though sensitive files accessible to the application user could still be exposed.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

The attacker needs nothing more than the ability to upload a file through the GPT Academic web UI; building a tar.gz with a symlink member is a standard technique with public tooling. The "authenticated" rating above reflects that the upload feature must be reachable, but note that GPT Academic only enforces a login if the operator has configured one, so on many deployments anyone who can reach the UI can upload.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.92 and later

Vendor Advisory: https://github.com/binary-husky/gpt_academic/security/advisories/GHSA-gqp5-wm97-qxcv

Restart Required: Yes (the fix changes Python source; the running GPT Academic process must be restarted to load it)

Instructions:

1. Update to GPT Academic version 3.92 or later, or, if you cannot move versions, cherry-pick commit 5dffe8627f681d7006cebcba27def038bb691949 onto your deployment.
2. Restart the GPT Academic process so the patched code is loaded.
3. Verify the fix by uploading a test tar.gz that contains a symlink member (see "How to Verify"); the patched build must refuse it or not create the link.

🔧 Temporary Workarounds

Disable file upload functionality (all platforms)

Temporarily disable or restrict the upload controls in the GPT Academic UI so untrusted users cannot submit archives. This removes the attack surface entirely at the cost of the document-processing features.

Implement file upload validation (all platforms)

Add a server-side check in front of archive extraction that rejects any tar member that is a symlink or hard link, a device node, or whose name is absolute or contains "..". On Python 3.12+ (and the 3.8.17, 3.9.17, 3.10.12 and 3.11.4 security backports) also pass filter="data" to tarfile.extractall(), which refuses links pointing outside the destination directory.

🧯 If You Can't Patch

  • Run GPT Academic with minimal file system permissions using a dedicated, restricted user account (ideally in a container with a read-only root filesystem), so that the only files a symlink can reach are the ones that user legitimately needs
  • Treat any secret readable by that account as exposed if the host has already received untrusted uploads: the API keys in config.py and any .env file are exactly what an attacker would target first
  • Implement network segmentation and isolate the GPT Academic server from sensitive systems

🔍 How to Verify

Check if Vulnerable:

Any deployment running GPT Academic 3.91 or earlier that accepts uploads is vulnerable; the extraction code runs for every uploaded .tar.gz regardless of configuration.

Check Version:

The version string is in the JSON "version" file in the repository root and is also shown in the web interface. Compare it against 3.92. If you applied the fix commit rather than upgrading, confirm it is present with: git merge-base --is-ancestor 5dffe8627f681d7006cebcba27def038bb691949 HEAD

Verify Fix Applied:

Upload a tar.gz containing a symlink member that points at a file the application user can read but which lives outside the upload directory (plant a marker file for the test rather than using a real secret). A patched build must reject the archive or not create the link; if the application afterwards serves or summarises the marker file's contents, the fix is not in place.
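The following is an added example written for this advisory; it is not GPT Academic's own code. It demonstrates both the validation workaround above and the verification test: it builds a tar.gz whose only member is a symlink, shows that a plain extractall() followed by reading the "uploaded" file returns the link target's contents, and shows a pre-extraction check (plus tarfile's data filter where the interpreter has it) that rejects the same archive. The "secret" file, the archive and the upload directory name private_upload are all constructed inside a temporary directory so the script runs offline.

```python
"""
Added example for this advisory, not GPT Academic's own code: a tar.gz carrying
a symlink member turns a plain extractall() into an arbitrary file read, and a
pre-extraction check (plus tarfile's 'data' filter where available) stops it.
The 'secret' file, the archive and the upload directory are all constructed
in a temporary directory so the script runs offline.
"""
import io
import os
import posixpath
import tarfile
import tempfile
from pathlib import Path


class UnsafeArchive(ValueError):
    """Raised when an archive member would escape the destination directory."""


def build_symlink_archive(link_name: str, target: str) -> bytes:
    """Build a tar.gz whose single member is a symlink link_name -> target.
    This is what an attacker uploads; tarfile happily writes such a member."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo(name=link_name)
        info.type = tarfile.SYMTYPE
        info.linkname = target
        tar.addfile(info)
    return buf.getvalue()


def build_file_archive(name: str, data: bytes) -> bytes:
    """Build a tar.gz with one regular file, for the benign and traversal cases."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo(name=name)
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def check_archive_members(archive: bytes) -> None:
    """Reject symlinks, hard links, device nodes and names that leave the
    destination. Raises UnsafeArchive on the first bad member, else returns None."""
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
        for m in tar.getmembers():
            if m.issym() or m.islnk():
                raise UnsafeArchive(f"link member {m.name!r} -> {m.linkname!r}")
            if m.isdev():
                raise UnsafeArchive(f"device node {m.name!r}")
            norm = posixpath.normpath(m.name)  # tar names always use '/'
            if norm.startswith("/") or norm == ".." or norm.startswith("../"):
                raise UnsafeArchive(f"path escapes destination: {m.name!r}")


def naive_extract_and_read(archive: bytes, dest: Path, member: str) -> str:
    """The vulnerable pattern: extract, then read the 'uploaded' file back.
    The symlink is created verbatim, so the read follows it to the target."""
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
        if hasattr(tarfile, "fully_trusted_filter"):   # 3.12+ and backports
            tar.extractall(dest, filter="fully_trusted")  # pre-PEP 706 behaviour
        else:
            tar.extractall(dest)
    return (dest / member).read_text()


def hardened_extract(archive: bytes, dest: Path) -> list[str]:
    """Validate first, then extract with the 'data' filter when the interpreter
    provides it (PEP 706). Returns the member names that were extracted."""
    check_archive_members(archive)
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
        if hasattr(tarfile, "data_filter"):
            tar.extractall(dest, filter="data")
        else:
            tar.extractall(dest)
        return tar.getnames()


def demo() -> dict:
    """Run both code paths against the same malicious archive."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        secret = tmp / "home" / "id_rsa"            # stands in for a real key file
        secret.parent.mkdir()
        secret.write_text("PRIVATE KEY MATERIAL\n")
        uploads = tmp / "private_upload"            # assumed upload directory name
        uploads.mkdir()
        archive = build_symlink_archive("paper.pdf", str(secret))

        leaked = naive_extract_and_read(archive, uploads, "paper.pdf")
        try:
            hardened_extract(archive, tmp / "hardened")
            rejected = None
        except UnsafeArchive as exc:
            rejected = str(exc)
    return {"leaked": leaked, "rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

Run it on a Linux host: demo() returns the planted key material under "leaked" (the naive path) and the rejection reason under "rejected" (the hardened path). To turn this into the verification test from the section above, feed the output of build_symlink_archive() to the real upload form instead, pointing the link at a marker file you created.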

📡 Detection & Monitoring

Log Indicators:

  • Symlinks present under the upload directory after an extraction (quick sweep: find <upload_dir> -type l -ls); a legitimate upload should never create one
  • The GPT Academic process opening paths outside its working and upload directories (SSH keys, /etc/passwd, config.py, .env), visible in auditd or similar file-access auditing
  • Multiple failed or repeated archive upload attempts from one client

Network Indicators:

  • Unusual outbound data transfers following file uploads
  • Multiple archive uploads in short timeframes

SIEM Query:

source="gpt_academic_logs" AND (event="file_upload" AND file_extension="tar.gz") | stats count by src_ip

Treat the source and field names above as placeholders: the query assumes an upload event has already been parsed into fields with these names, so map them onto whatever log you actually have (the reverse proxy access log for the HTTP upload endpoint, or host file-access auditing) before running it.
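As an added example for the host-side indicator above (not GPT Academic's code), the sweep below walks an upload tree without following links and reports every symlink whose target resolves outside that tree, which is exactly the artefact a successful symlink-archive upload leaves behind. The private_upload/<user>/ layout in the demo is an assumption; point find_escaping_symlinks() at wherever your deployment stores uploads.

```python
"""
Added example for this advisory, not GPT Academic's own code: a post-incident
sweep of an upload tree for symlinks whose target resolves outside that tree.
The directory layout (private_upload/<user>/...) is assumed for the demo only.
"""
import os
import tempfile
from pathlib import Path


def find_escaping_symlinks(root: Path) -> list[tuple[str, str]]:
    """Return (link path relative to root, resolved target) for every symlink
    under root whose target lies outside root. The walk never follows links,
    so a planted symlink to '/' cannot drag the scan across the filesystem."""
    root = Path(root).resolve()
    hits = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            p = Path(dirpath) / name
            if not p.is_symlink():
                continue
            # Joining an absolute link target discards p.parent, as intended;
            # resolve() is non-strict, so dangling targets are still reported.
            target = (p.parent / os.readlink(p)).resolve()
            if not target.is_relative_to(root):
                hits.append((p.relative_to(root).as_posix(), str(target)))
    return sorted(hits)


def demo() -> list[str]:
    """Plant three links in a throwaway tree; only the escaping ones come back."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve() / "private_upload"       # assumed layout
        user_dir = base / "user1"
        user_dir.mkdir(parents=True)
        (user_dir / "notes.txt").write_text("benign\n")
        os.symlink("notes.txt", user_dir / "inside_link")        # stays inside
        os.symlink("/etc/passwd", user_dir / "paper.pdf")        # absolute escape
        os.symlink("../../outside.txt", user_dir / "draft.tex")  # relative escape
        return [link for link, _ in find_escaping_symlinks(base)]


if __name__ == "__main__":
    for link in demo():
        print("escaping symlink:", link)
```

The relative-escape case matters in practice: a link text of "../../x" looks harmless in a tar listing but resolves outside the upload root, which is why the check resolves against the link's own parent rather than pattern-matching on the link text.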
