CVE-2025-25185

Name of the Vulnerable Software and Affected Versions GPT Academic versions 3.91 and earlier

Description The issue arises from the improper handling of soft links in GPT Academic. An attacker can exploit this by creating a malicious soft link file, packaging it into a tar.gz file, and uploading it to the server. When the file is decompressed and accessed, the soft link points to a target file on the victim server, allowing attackers to read all files on the server.

Recommendations For versions 3.91 and earlier, update to a version that properly accounts for soft links to resolve the issue. As a temporary workaround, consider restricting access to the file upload feature to minimize the risk of exploitation. Avoid using the file upload feature with untrusted sources until the issue is resolved.