PT-2025-32426 · Unknown · Tiny-Scientist

Ruizhe · Published 2025-08-09 · Updated 2025-08-11 · CVE-2025-55149

CVSS v4.0: 6.7 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
Name of the Vulnerable Software and Affected Versions: Tiny-Scientist versions 0.1.1 and below
Description: Tiny-Scientist is a lightweight framework for automating the lifecycle of scientific research. A path traversal vulnerability has been identified in the review paper function in backend/app.py. The function accepts a file path from the user and reads the PDF it points to, but a crafted path (for example one containing ".." segments or an absolute path) escapes the intended directory and bypasses the function's restrictions. An unauthenticated attacker can therefore read any PDF file that the server process can access, potentially exposing sensitive documents and enabling reconnaissance of the server's file system layout.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
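To make the failure concrete, the following Python example is added here; it is not Tiny-Scientist's own code and does not reproduce backend/app.py. `vulnerable_read_pdf` is a hypothetical reconstruction of the pattern the advisory describes (a filename check followed by a path join with no containment check), and `safe_read_pdf` is one way to harden it. The directory layout, file names and file contents are constructed for the demonstration.

```python
import os
import shutil
import tempfile


def make_sandbox():
    """Constructed fixture: a papers/ directory the service is meant to serve
    from, plus a PDF one level above it that the service must never expose."""
    root = tempfile.mkdtemp(prefix="review-demo-")
    papers = os.path.join(root, "papers")
    os.mkdir(papers)
    with open(os.path.join(papers, "paper.pdf"), "wb") as f:
        f.write(b"%PDF-1.4 constructed paper\n")
    with open(os.path.join(root, "secret.pdf"), "wb") as f:
        f.write(b"%PDF-1.4 constructed secret\n")
    # A symlink inside papers/ that points outside it (skipped on platforms
    # where symlinks cannot be created).
    try:
        os.symlink(os.path.join(root, "secret.pdf"),
                   os.path.join(papers, "link.pdf"))
    except (OSError, NotImplementedError):
        pass
    return root, papers


def vulnerable_read_pdf(papers_dir, user_path):
    """Hypothetical vulnerable handler: an extension check, then a join.
    os.path.join discards papers_dir entirely when user_path is absolute, and
    '..' segments are never normalised against the base, so any .pdf the
    process can read is returned."""
    if not user_path.lower().endswith(".pdf"):
        raise ValueError("only .pdf files are accepted")
    full = os.path.join(papers_dir, user_path)
    with open(full, "rb") as f:
        return f.read()


def safe_read_pdf(papers_dir, user_path):
    """Hardened version: resolve both sides with realpath (follows symlinks
    and collapses '..'), then require the target to sit under the base."""
    base = os.path.realpath(papers_dir)
    full = os.path.realpath(os.path.join(base, user_path))
    try:
        inside = os.path.commonpath([base, full]) == base
    except ValueError:  # e.g. paths on different drives on Windows
        inside = False
    if not inside:
        raise PermissionError("path escapes the papers directory")
    if not full.lower().endswith(".pdf"):
        raise ValueError("only .pdf files are accepted")
    with open(full, "rb") as f:
        return f.read()


def outcome(handler, papers_dir, user_path):
    """Map a handler call to what the client would observe."""
    try:
        return handler(papers_dir, user_path)
    except PermissionError:
        return "blocked"
    except (ValueError, FileNotFoundError):
        return "rejected"


def run_demo():
    """Exercise both handlers with a legitimate name, a '..' traversal,
    an absolute path and a symlink; return the observed results."""
    root, papers = make_sandbox()
    try:
        absolute = os.path.join(root, "secret.pdf")
        return {
            "vuln_legit": outcome(vulnerable_read_pdf, papers, "paper.pdf"),
            "vuln_dotdot": outcome(vulnerable_read_pdf, papers, "../secret.pdf"),
            "vuln_absolute": outcome(vulnerable_read_pdf, papers, absolute),
            "vuln_symlink": outcome(vulnerable_read_pdf, papers, "link.pdf"),
            "safe_legit": outcome(safe_read_pdf, papers, "paper.pdf"),
            "safe_dotdot": outcome(safe_read_pdf, papers, "../secret.pdf"),
            "safe_absolute": outcome(safe_read_pdf, papers, absolute),
            "safe_symlink": outcome(safe_read_pdf, papers, "link.pdf"),
        }
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name:14s} {value!r}")
```

Two points the example is meant to show: an extension check is not a directory boundary, since "../secret.pdf" and an absolute path both end in ".pdf"; and the containment check must use `os.path.realpath`, not `os.path.abspath`, because `abspath` leaves a symlink inside the allowed directory looking in-bounds even though it reads a file outside it. A string prefix test (`full.startswith(base)`) is also weaker than `commonpath`, since it accepts a sibling directory such as `papers2/`.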

Exploit

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2025-55149
GHSA-RRGF-HCR9-JQ6H

Affected Products

Tiny-Scientist