cnvd - cnvd-2025-22728

CNVD-2025-22728

Vulnerability from cnvd - Published: 2025-09-28

Title

GPT Academic服务器端请求伪造漏洞

Description

GPT Academic是一个为GPT/GLM等LLM大语言模型提供实用化交互的接口。 GPT Academic存在服务器端请求伪造漏洞，攻击者可利用该漏洞使应用程序访问任何URL，包括内部服务，并读取响应。

Severity

中

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://huntr.com/bounties/858de346-698e-4a72-a9e9-3dbd6c60ac18

Reference

https://huntr.com/bounties/858de346-698e-4a72-a9e9-3dbd6c60ac18

Impacted products

Name
GPT Academic GPT Academic git 310122f

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-12392",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-12392"
    }
  },
  "description": "GPT Academic\u662f\u4e00\u4e2a\u4e3aGPT/GLM\u7b49LLM\u5927\u8bed\u8a00\u6a21\u578b\u63d0\u4f9b\u5b9e\u7528\u5316\u4ea4\u4e92\u7684\u63a5\u53e3\u3002\n\nGPT Academic\u5b58\u5728\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u5e94\u7528\u7a0b\u5e8f\u8bbf\u95ee\u4efb\u4f55URL\uff0c\u5305\u62ec\u5185\u90e8\u670d\u52a1\uff0c\u5e76\u8bfb\u53d6\u54cd\u5e94\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://huntr.com/bounties/858de346-698e-4a72-a9e9-3dbd6c60ac18",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-22728",
  "openTime": "2025-09-28",
  "products": {
    "product": "GPT Academic GPT Academic git 310122f"
  },
  "referenceLink": "https://huntr.com/bounties/858de346-698e-4a72-a9e9-3dbd6c60ac18",
  "serverity": "\u4e2d",
  "submitTime": "2025-03-27",
  "title": "GPT Academic\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}

CVE-2024-12392 (GCVE-0-2024-12392)

Vulnerability from cvelistv5 – Published: 2025-03-20 10:11 – Updated: 2025-03-20 18:38

Title

Server-Side Request Forgery (SSRF) in binary-husky/gpt_academic

Summary

A Server-Side Request Forgery (SSRF) vulnerability exists in binary-husky/gpt_academic version git 310122f. The application has a functionality to download papers from arxiv.org, but the URL validation is incomplete. An attacker can exploit this vulnerability to make the application access any URL, including internal services, and read the response. This can be used to access data that are only accessible from the server, such as AWS metadata credentials, and can escalate local exploits to network-based attacks.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-918 - Server-Side Request Forgery (SSRF)

Assigner

@huntr_ai

References

URL

Tags

https://huntr.com/bounties/858de346-698e-4a72-a9e…

Impacted products

	Vendor	Product	Version
	binary-husky	binary-husky/gpt_academic	Affected: unspecified , ≤ latest (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12392",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-20T18:35:25.505134Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-20T18:38:23.224Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "binary-husky/gpt_academic",
          "vendor": "binary-husky",
          "versions": [
            {
              "lessThanOrEqual": "latest",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Server-Side Request Forgery (SSRF) vulnerability exists in binary-husky/gpt_academic version git 310122f. The application has a functionality to download papers from arxiv.org, but the URL validation is incomplete. An attacker can exploit this vulnerability to make the application access any URL, including internal services, and read the response. This can be used to access data that are only accessible from the server, such as AWS metadata credentials, and can escalate local exploits to network-based attacks."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-20T10:11:36.215Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/858de346-698e-4a72-a9e9-3dbd6c60ac18"
        }
      ],
      "source": {
        "advisory": "858de346-698e-4a72-a9e9-3dbd6c60ac18",
        "discovery": "EXTERNAL"
      },
      "title": "Server-Side Request Forgery (SSRF) in binary-husky/gpt_academic"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2024-12392",
    "datePublished": "2025-03-20T10:11:36.215Z",
    "dateReserved": "2024-12-09T22:03:36.415Z",
    "dateUpdated": "2025-03-20T18:38:23.224Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2025-22728

CVE-2024-12392 (GCVE-0-2024-12392)

Tags

Sightings

Nomenclature