{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-10236","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-09-10T14:15:32.218Z","datePublished":"2025-09-11T01:02:07.190Z","dateUpdated":"2025-09-11T13:22:17.633Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-09-11T01:02:07.190Z"},"title":"binary-husky gpt_academic LaTeX File latex_toolbox.py merge_tex_files_ path traversal","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-22","lang":"en","description":"Path Traversal"}]}],"affected":[{"vendor":"binary-husky","product":"gpt_academic","versions":[{"version":"3.0","status":"affected"},{"version":"3.1","status":"affected"},{"version":"3.2","status":"affected"},{"version":"3.3","status":"affected"},{"version":"3.4","status":"affected"},{"version":"3.5","status":"affected"},{"version":"3.6","status":"affected"},{"version":"3.7","status":"affected"},{"version":"3.8","status":"affected"},{"version":"3.9","status":"affected"},{"version":"3.10","status":"affected"},{"version":"3.11","status":"affected"},{"version":"3.12","status":"affected"},{"version":"3.13","status":"affected"},{"version":"3.14","status":"affected"},{"version":"3.15","status":"affected"},{"version":"3.16","status":"affected"},{"version":"3.17","status":"affected"},{"version":"3.18","status":"affected"},{"version":"3.19","status":"affected"},{"version":"3.20","status":"affected"},{"version":"3.21","status":"affected"},{"version":"3.22","status":"affected"},{"version":"3.23","status":"affected"},{"version":"3.24","status":"affected"},{"version":"3.25","status":"affected"},{"version":"3.26","status":"affected"},{"version":"3.27","status":"affected"},{"version":"3.28","status":"affected"},{"version":"3.29","status":"affected"},{"version":"3.30","status":"affected"},{"version":"3.31","status":"affected"},{"version":"3.32","status":"affected"},{"version":"3.33","status":"affected"},{"version":"3.34","status":"affected"},{"version":"3.35","status":"affected"},{"version":"3.36","status":"affected"},{"version":"3.37","status":"affected"},{"version":"3.38","status":"affected"},{"version":"3.39","status":"affected"},{"version":"3.40","status":"affected"},{"version":"3.41","status":"affected"},{"version":"3.42","status":"affected"},{"version":"3.43","status":"affected"},{"version":"3.44","status":"affected"},{"version":"3.45","status":"affected"},{"version":"3.46","status":"affected"},{"version":"3.47","status":"affected"},{"version":"3.48","status":"affected"},{"version":"3.49","status":"affected"},{"version":"3.50","status":"affected"},{"version":"3.51","status":"affected"},{"version":"3.52","status":"affected"},{"version":"3.53","status":"affected"},{"version":"3.54","status":"affected"},{"version":"3.55","status":"affected"},{"version":"3.56","status":"affected"},{"version":"3.57","status":"affected"},{"version":"3.58","status":"affected"},{"version":"3.59","status":"affected"},{"version":"3.60","status":"affected"},{"version":"3.61","status":"affected"},{"version":"3.62","status":"affected"},{"version":"3.63","status":"affected"},{"version":"3.64","status":"affected"},{"version":"3.65","status":"affected"},{"version":"3.66","status":"affected"},{"version":"3.67","status":"affected"},{"version":"3.68","status":"affected"},{"version":"3.69","status":"affected"},{"version":"3.70","status":"affected"},{"version":"3.71","status":"affected"},{"version":"3.72","status":"affected"},{"version":"3.73","status":"affected"},{"version":"3.74","status":"affected"},{"version":"3.75","status":"affected"},{"version":"3.76","status":"affected"},{"version":"3.77","status":"affected"},{"version":"3.78","status":"affected"},{"version":"3.79","status":"affected"},{"version":"3.80","status":"affected"},{"version":"3.81","status":"affected"},{"version":"3.82","status":"affected"},{"version":"3.83","status":"affected"},{"version":"3.84","status":"affected"},{"version":"3.85","status":"affected"},{"version":"3.86","status":"affected"},{"version":"3.87","status":"affected"},{"version":"3.88","status":"affected"},{"version":"3.89","status":"affected"},{"version":"3.90","status":"affected"},{"version":"3.91","status":"affected"}],"modules":["LaTeX File Handler"]}],"descriptions":[{"lang":"en","value":"A vulnerability has been found in binary-husky gpt_academic up to 3.91. Impacted is the function merge_tex_files_ of the file crazy_functions/latex_fns/latex_toolbox.py of the component LaTeX File Handler. Such manipulation of the argument \\input{} leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."},{"lang":"de","value":"Es wurde eine Schwachstelle in binary-husky gpt_academic bis 3.91 entdeckt. Betroffen hiervon ist die Funktion merge_tex_files_ der Datei crazy_functions/latex_fns/latex_toolbox.py der Komponente LaTeX File Handler. Durch das Manipulieren des Arguments \\input{} mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgeführt werden. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":4.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":4.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":4,"vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-09-10T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-09-10T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-09-10T16:22:12.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"d3do (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.323505","name":"VDB-323505 | binary-husky gpt_academic LaTeX File latex_toolbox.py merge_tex_files_ path traversal","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.323505","name":"VDB-323505 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.640977","name":"Submit #640977 | gpt_academic latest Absolute Path Traversal","tags":["third-party-advisory"]},{"url":"https://github.com/d3do-23/cvelist/blob/main/gpt_academic/Plugins_LFI.md","tags":["exploit"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-09-11T13:16:37.113307Z","id":"CVE-2025-10236","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-09-11T13:22:17.633Z"}}]}}