{"data":{"id":"fbc939b4-81c1-4e80-8b8c-2a4972edba83","title":"CVE-2025-25185: GPT Academic provides interactive interfaces for large language models. In 3.91 and earlier, GPT Academic does not prope","summary":"CVE-2025-25185 is a vulnerability in GPT Academic (version 3.91 and earlier) where the software does not properly handle soft links (special files that point to other files). An attacker can create a malicious soft link, upload it in a compressed tar.gz file, and when the server decompresses it, the soft link will point to sensitive files on the victim's server, allowing the attacker to read all server files.","solution":"A patch is available at https://github.com/binary-husky/gpt_academic/commit/5dffe8627f681d7006cebcba27def038bb691949","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-25185","publishedAt":"2025-03-03T16:15:42.377Z","cveId":"CVE-2025-25185","cweIds":["CWE-59"],"cvssScore":"7.5","cvssSeverity":"high","severity":"high","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["GPT Academic"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00306,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}