fkie_nvd - fkie_cve-2025-10236

FKIE_CVE-2025-10236

Vulnerability from fkie_nvd - Published: 2025-09-11 02:15 - Updated: 2025-10-31 14:39

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

A vulnerability has been found in binary-husky gpt_academic up to 3.91. Impacted is the function merge_tex_files_ of the file crazy_functions/latex_fns/latex_toolbox.py of the component LaTeX File Handler. Such manipulation of the argument \input{} leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

URL	Tags
cna@vuldb.com	https://github.com/d3do-23/cvelist/blob/main/gpt_academic/Plugins_LFI.md	Exploit, Third Party Advisory, Mitigation
cna@vuldb.com	https://vuldb.com/?ctiid.323505	Permissions Required, VDB Entry
cna@vuldb.com	https://vuldb.com/?id.323505	Third Party Advisory, VDB Entry
cna@vuldb.com	https://vuldb.com/?submit.640977	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	binary-husky	gpt_academic	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:binary-husky:gpt_academic:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CD0A792-95C4-4685-A1AC-A4C8EE94DA8D",
              "versionEndIncluding": "3.91",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been found in binary-husky gpt_academic up to 3.91. Impacted is the function merge_tex_files_ of the file crazy_functions/latex_fns/latex_toolbox.py of the component LaTeX File Handler. Such manipulation of the argument \\input{} leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
    }
  ],
  "id": "CVE-2025-10236",
  "lastModified": "2025-10-31T14:39:12.907",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "cna@vuldb.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "PROOF_OF_CONCEPT",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "LOW",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "cna@vuldb.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-09-11T02:15:29.353",
  "references": [
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "Mitigation"
      ],
      "url": "https://github.com/d3do-23/cvelist/blob/main/gpt_academic/Plugins_LFI.md"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Permissions Required",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?ctiid.323505"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?id.323505"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?submit.640977"
    }
  ],
  "sourceIdentifier": "cna@vuldb.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "cna@vuldb.com",
      "type": "Primary"
    }
  ]
}

CVE-2025-10236 (GCVE-0-2025-10236)

Vulnerability from cvelistv5 – Published: 2025-09-11 01:02 – Updated: 2025-09-11 13:22

Summary

Severity ?

5.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

4.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

CWE

CWE-22 - Path Traversal

Assigner

VulDB

References

URL

Tags

	https://vuldb.com/?id.323505	vdb-entrytechnical-description
	https://vuldb.com/?ctiid.323505	signaturepermissions-required
	https://vuldb.com/?submit.640977	third-party-advisory
	https://github.com/d3do-23/cvelist/blob/main/gpt_…	exploit

Impacted products

	Vendor	Product	Version
	binary-husky	gpt_academic	Affected: 3.0 Affected: 3.1 Affected: 3.2 Affected: 3.3 Affected: 3.4 Affected: 3.5 Affected: 3.6 Affected: 3.7 Affected: 3.8 Affected: 3.9 Affected: 3.10 Affected: 3.11 Affected: 3.12 Affected: 3.13 Affected: 3.14 Affected: 3.15 Affected: 3.16 Affected: 3.17 Affected: 3.18 Affected: 3.19 Affected: 3.20 Affected: 3.21 Affected: 3.22 Affected: 3.23 Affected: 3.24 Affected: 3.25 Affected: 3.26 Affected: 3.27 Affected: 3.28 Affected: 3.29 Affected: 3.30 Affected: 3.31 Affected: 3.32 Affected: 3.33 Affected: 3.34 Affected: 3.35 Affected: 3.36 Affected: 3.37 Affected: 3.38 Affected: 3.39 Affected: 3.40 Affected: 3.41 Affected: 3.42 Affected: 3.43 Affected: 3.44 Affected: 3.45 Affected: 3.46 Affected: 3.47 Affected: 3.48 Affected: 3.49 Affected: 3.50 Affected: 3.51 Affected: 3.52 Affected: 3.53 Affected: 3.54 Affected: 3.55 Affected: 3.56 Affected: 3.57 Affected: 3.58 Affected: 3.59 Affected: 3.60 Affected: 3.61 Affected: 3.62 Affected: 3.63 Affected: 3.64 Affected: 3.65 Affected: 3.66 Affected: 3.67 Affected: 3.68 Affected: 3.69 Affected: 3.70 Affected: 3.71 Affected: 3.72 Affected: 3.73 Affected: 3.74 Affected: 3.75 Affected: 3.76 Affected: 3.77 Affected: 3.78 Affected: 3.79 Affected: 3.80 Affected: 3.81 Affected: 3.82 Affected: 3.83 Affected: 3.84 Affected: 3.85 Affected: 3.86 Affected: 3.87 Affected: 3.88 Affected: 3.89 Affected: 3.90 Affected: 3.91

Credits

d3do (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-10236",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-11T13:16:37.113307Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-11T13:22:17.633Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "LaTeX File Handler"
          ],
          "product": "gpt_academic",
          "vendor": "binary-husky",
          "versions": [
            {
              "status": "affected",
              "version": "3.0"
            },
            {
              "status": "affected",
              "version": "3.1"
            },
            {
              "status": "affected",
              "version": "3.2"
            },
            {
              "status": "affected",
              "version": "3.3"
            },
            {
              "status": "affected",
              "version": "3.4"
            },
            {
              "status": "affected",
              "version": "3.5"
            },
            {
              "status": "affected",
              "version": "3.6"
            },
            {
              "status": "affected",
              "version": "3.7"
            },
            {
              "status": "affected",
              "version": "3.8"
            },
            {
              "status": "affected",
              "version": "3.9"
            },
            {
              "status": "affected",
              "version": "3.10"
            },
            {
              "status": "affected",
              "version": "3.11"
            },
            {
              "status": "affected",
              "version": "3.12"
            },
            {
              "status": "affected",
              "version": "3.13"
            },
            {
              "status": "affected",
              "version": "3.14"
            },
            {
              "status": "affected",
              "version": "3.15"
            },
            {
              "status": "affected",
              "version": "3.16"
            },
            {
              "status": "affected",
              "version": "3.17"
            },
            {
              "status": "affected",
              "version": "3.18"
            },
            {
              "status": "affected",
              "version": "3.19"
            },
            {
              "status": "affected",
              "version": "3.20"
            },
            {
              "status": "affected",
              "version": "3.21"
            },
            {
              "status": "affected",
              "version": "3.22"
            },
            {
              "status": "affected",
              "version": "3.23"
            },
            {
              "status": "affected",
              "version": "3.24"
            },
            {
              "status": "affected",
              "version": "3.25"
            },
            {
              "status": "affected",
              "version": "3.26"
            },
            {
              "status": "affected",
              "version": "3.27"
            },
            {
              "status": "affected",
              "version": "3.28"
            },
            {
              "status": "affected",
              "version": "3.29"
            },
            {
              "status": "affected",
              "version": "3.30"
            },
            {
              "status": "affected",
              "version": "3.31"
            },
            {
              "status": "affected",
              "version": "3.32"
            },
            {
              "status": "affected",
              "version": "3.33"
            },
            {
              "status": "affected",
              "version": "3.34"
            },
            {
              "status": "affected",
              "version": "3.35"
            },
            {
              "status": "affected",
              "version": "3.36"
            },
            {
              "status": "affected",
              "version": "3.37"
            },
            {
              "status": "affected",
              "version": "3.38"
            },
            {
              "status": "affected",
              "version": "3.39"
            },
            {
              "status": "affected",
              "version": "3.40"
            },
            {
              "status": "affected",
              "version": "3.41"
            },
            {
              "status": "affected",
              "version": "3.42"
            },
            {
              "status": "affected",
              "version": "3.43"
            },
            {
              "status": "affected",
              "version": "3.44"
            },
            {
              "status": "affected",
              "version": "3.45"
            },
            {
              "status": "affected",
              "version": "3.46"
            },
            {
              "status": "affected",
              "version": "3.47"
            },
            {
              "status": "affected",
              "version": "3.48"
            },
            {
              "status": "affected",
              "version": "3.49"
            },
            {
              "status": "affected",
              "version": "3.50"
            },
            {
              "status": "affected",
              "version": "3.51"
            },
            {
              "status": "affected",
              "version": "3.52"
            },
            {
              "status": "affected",
              "version": "3.53"
            },
            {
              "status": "affected",
              "version": "3.54"
            },
            {
              "status": "affected",
              "version": "3.55"
            },
            {
              "status": "affected",
              "version": "3.56"
            },
            {
              "status": "affected",
              "version": "3.57"
            },
            {
              "status": "affected",
              "version": "3.58"
            },
            {
              "status": "affected",
              "version": "3.59"
            },
            {
              "status": "affected",
              "version": "3.60"
            },
            {
              "status": "affected",
              "version": "3.61"
            },
            {
              "status": "affected",
              "version": "3.62"
            },
            {
              "status": "affected",
              "version": "3.63"
            },
            {
              "status": "affected",
              "version": "3.64"
            },
            {
              "status": "affected",
              "version": "3.65"
            },
            {
              "status": "affected",
              "version": "3.66"
            },
            {
              "status": "affected",
              "version": "3.67"
            },
            {
              "status": "affected",
              "version": "3.68"
            },
            {
              "status": "affected",
              "version": "3.69"
            },
            {
              "status": "affected",
              "version": "3.70"
            },
            {
              "status": "affected",
              "version": "3.71"
            },
            {
              "status": "affected",
              "version": "3.72"
            },
            {
              "status": "affected",
              "version": "3.73"
            },
            {
              "status": "affected",
              "version": "3.74"
            },
            {
              "status": "affected",
              "version": "3.75"
            },
            {
              "status": "affected",
              "version": "3.76"
            },
            {
              "status": "affected",
              "version": "3.77"
            },
            {
              "status": "affected",
              "version": "3.78"
            },
            {
              "status": "affected",
              "version": "3.79"
            },
            {
              "status": "affected",
              "version": "3.80"
            },
            {
              "status": "affected",
              "version": "3.81"
            },
            {
              "status": "affected",
              "version": "3.82"
            },
            {
              "status": "affected",
              "version": "3.83"
            },
            {
              "status": "affected",
              "version": "3.84"
            },
            {
              "status": "affected",
              "version": "3.85"
            },
            {
              "status": "affected",
              "version": "3.86"
            },
            {
              "status": "affected",
              "version": "3.87"
            },
            {
              "status": "affected",
              "version": "3.88"
            },
            {
              "status": "affected",
              "version": "3.89"
            },
            {
              "status": "affected",
              "version": "3.90"
            },
            {
              "status": "affected",
              "version": "3.91"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "d3do (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in binary-husky gpt_academic up to 3.91. Impacted is the function merge_tex_files_ of the file crazy_functions/latex_fns/latex_toolbox.py of the component LaTeX File Handler. Such manipulation of the argument \\input{} leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in binary-husky gpt_academic bis 3.91 entdeckt. Betroffen hiervon ist die Funktion merge_tex_files_ der Datei crazy_functions/latex_fns/latex_toolbox.py der Komponente LaTeX File Handler. Durch das Manipulieren des Arguments \\input{} mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgef\u00fchrt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-11T01:02:07.190Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-323505 | binary-husky gpt_academic LaTeX File latex_toolbox.py merge_tex_files_ path traversal",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.323505"
        },
        {
          "name": "VDB-323505 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.323505"
        },
        {
          "name": "Submit #640977 | gpt_academic latest Absolute Path Traversal",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.640977"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/d3do-23/cvelist/blob/main/gpt_academic/Plugins_LFI.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-09-10T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-09-10T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-09-10T16:22:12.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "binary-husky gpt_academic LaTeX File latex_toolbox.py merge_tex_files_ path traversal"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-10236",
    "datePublished": "2025-09-11T01:02:07.190Z",
    "dateReserved": "2025-09-10T14:15:32.218Z",
    "dateUpdated": "2025-09-11T13:22:17.633Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2025-10236

CVE-2025-10236 (GCVE-0-2025-10236)

Tags

Sightings

Nomenclature