What is the CVSS score of CVE-2025-25185?

CVE-2025-25185 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.3%.

Which versions of Gpt Academic are affected by CVE-2025-25185?

CVE-2025-25185 presents notable security risk rated CVSS 7.5. Exploitation could compromise the security of affected deployments.. A patch is available.

Is there a public PoC exploit available for CVE-2025-25185?

Yes, a public proof-of-concept exploit is available for CVE-2025-25185. Prioritise patching immediately. EPSS: 0.3%.

How to fix or mitigate CVE-2025-25185?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Vendor patch is available.

Gpt Academic CVE-2025-25185

HIGH

Improper Link Resolution Before File Access (CWE-59)

2025-03-03 security-advisories@github.com

Information Disclosure Gpt Academic

7.5

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:29 vuln.today

Patch released

Mar 28, 2026 - 18:29 nvd

Patch available

PoC Detected

Mar 07, 2025 - 20:43 vuln.today

Public exploit code

CVE Published

Mar 03, 2025 - 16:15 nvd

HIGH 7.5

DescriptionGitHub Advisory

GPT Academic provides interactive interfaces for large language models. In 3.91 and earlier, GPT Academic does not properly account for soft links. An attacker can create a malicious file as a soft link pointing to a target file, then package this soft link file into a tar.gz file and upload it. Subsequently, when accessing the decompressed file from the server, the soft link will point to the target file on the victim server. The vulnerability allows attackers to read all files on the server.

AnalysisAI

GPT Academic provides interactive interfaces for large language models. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-59. GPT Academic provides interactive interfaces for large language models. In 3.91 and earlier, GPT Academic does not properly account for soft links. An attacker can create a malicious file as a soft link pointing to a target file, then package this soft link file into a tar.gz file and upload it. Subsequently, when accessing the decompressed file from the server, the soft link will point to the target file on the victim server. The vulnerability allows attackers to read all files on the server. Affected products include: Binary-Husky Gpt Academic.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-25185 vulnerability details – vuln.today

Back

Gpt Academic CVE-2025-25185

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code