5 matches found
CVE-2025-25185
GPT Academic provides interactive interfaces for large language models. In 3.91 and earlier, GPT Academic does not properly account for soft links. An attacker can create a malicious file as a soft link pointing to a target file, then package this soft link file into a tar.gz file and upload it...
CVE-2025-25185
GPT Academic provides interactive interfaces for large language models. In 3.91 and earlier, GPT Academic does not properly account for soft links. An attacker can create a malicious file as a soft link pointing to a target file, then package this soft link file into a tar.gz file and upload it...
CVE-2025-25185 GPT Academic allows arbitary file read by tarfile uncompress within softlink
GPT Academic provides interactive interfaces for large language models. In 3.91 and earlier, GPT Academic does not properly account for soft links. An attacker can create a malicious file as a soft link pointing to a target file, then package this soft link file into a tar.gz file and upload it...
CVE-2025-25185 GPT Academic allows arbitary file read by tarfile uncompress within softlink
GPT Academic provides interactive interfaces for large language models. In 3.91 and earlier, GPT Academic does not properly account for soft links. An attacker can create a malicious file as a soft link pointing to a target file, then package this soft link file into a tar.gz file and upload it...
CVE-2025-25185
CVE-2025-25185: GPT Academic exposes a back-linking vulnerability in 3.91 and earlier where soft links are not properly handled during tar.gz extraction. An attacker can create a malicious file as a soft link to a target server file, package it in a tar.gz, upload it, and on decompression the sof...