Arbitrary File Read Vulnerability in GPT Academic

Overview  

CVE-2025-25185 is a critical vulnerability discovered in GPT Academic, a platform that provides interactive interfaces for large language models. The vulnerability arises due to improper handling of symbolic links (soft links) in versions 3.91 and earlier. Attackers can exploit this flaw to read arbitrary files on the server, potentially exposing sensitive information.

Vulnerability Details  

  • CVE ID: CVE-2025-25185

  • Severity: 7.5 (HIGH) 

  • Affected Versions: GPT Academic 3.91 and earlier

  • Published Date: March 03, 2025

  • Vulnerability Type: Improper Handling of Symbolic Links

  • Impact: Arbitrary File Read 

Technical Description  

GPT Academic allows users to upload files, including compressed archives like .tar.gz. However, the application fails to properly validate symbolic links within these archives. An attacker can craft a malicious .tar.gz file containing a symbolic link that points to a sensitive file on the server (e.g., /etc/passwd or configuration files). When the server decompresses and processes the uploaded archive, the symbolic link is resolved, allowing the attacker to access the target file. 

Exploitation Scenario

  1. Crafting the Malicious Archive:

    • The attacker creates a symbolic link named malicious_link pointing to a sensitive file on the server, such as /etc/passwd.

    • The symbolic link is packaged into a .tar.gz file using the following commands:

      bash
      ln -s /etc/passwd malicious_link
      tar -czvf exploit.tar.gz malicious_link

    • The resulting exploit.tar.gz file contains the symbolic link.

  2. Uploading the Malicious Archive

    • The attacker uploads the exploit.tar.gz file to the GPT Academic platform.

    • The server decompresses the archive, resolving the symbolic link to the target file.

  3. Accessing the Sensitive File:

    • The attacker accesses the decompressed file through the platform's interface.

    • Since the symbolic link points to /etc/passwd, the attacker can read the contents of the file, gaining access to sensitive system information.

Impact

  • Data Exposure: Attackers can read any file on the server that the application has permission to access, including configuration files, environment variables, and user data.

  • Privilege Escalation: If sensitive credentials or keys are exposed, attackers may escalate their privileges or move laterally within the system.

  • Reputation Damage: Unauthorized access to sensitive data can lead to loss of trust and reputational damage for the organization. 

Mitigation

  • Upgrade to the Latest Version:

    • The developers of GPT Academic have released a patch in version 3.92 that addresses this vulnerability. Users should upgrade immediately.

  • Input Validation:

    • Implement strict validation of uploaded files, ensuring that symbolic links are not allowed in compressed archives.

  • File Access Restrictions:

    • Restrict the application's file system permissions to limit access to sensitive files.

  • Security Audits:

    • Conduct regular security audits to identify and remediate potential vulnerabilities in the application.

Code Example: Secure File Upload Handling

Below is an example of how to securely handle file uploads to prevent symbolic link exploitation:

python
import os
import tarfile

def safe_extract_tar(file_path, extract_dir):
    """Safely extract a tar.gz file, rejecting link members and paths that leave extract_dir."""
    base = os.path.realpath(extract_dir)
    with tarfile.open(file_path, "r:gz") as tar:
        for member in tar.getmembers():
            # Reject symbolic and hard links outright: a link member is what lets
            # an archive point at a file outside the upload directory.
            if member.issym() or member.islnk():
                raise ValueError("Symbolic links are not allowed in the archive.")
            # Ensure the extraction path is within the target directory.
            # commonpath is used instead of a startswith() prefix check, because
            # "../dir2/x" would otherwise pass a prefix check against ".../dir".
            member_path = os.path.realpath(os.path.join(base, member.name))
            if os.path.commonpath([base, member_path]) != base:
                raise ValueError("Invalid file path in archive.")
        tar.extractall(path=base)

# Example usage
try:
    safe_extract_tar("uploaded_file.tar.gz", "/safe/extract/dir")
except ValueError as e:
    print(f"Error: {e}")
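The technical description and the "Input Validation" mitigation above both reduce to one defensive step: inspect every archive member before anything is written to disk. The following is an added example (not GPT Academic's code and not part of the original post) of an audit function that does exactly that without extracting, plus a constructed in-memory fixture so it runs offline. The extract directory `/uploads/job`, the member names and the link target `/placeholder/outside/file` are all placeholders chosen for the example; the audit also flags hard links, device/FIFO entries and `..` traversal, which the advisory text does not spell out but which the same extraction path exposes.

```python
import io
import posixpath
import tarfile


def build_fixture() -> bytes:
    """Constructed test archive: one ordinary file plus three kinds of escaping member.

    Built entirely in memory; nothing here touches the real filesystem and the
    link target is a placeholder path, not a real file.
    """
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        data = b"hello\n"
        info = tarfile.TarInfo("notes.txt")             # ordinary file: should pass
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))

        link = tarfile.TarInfo("malicious_link")        # symlink member (the advisory's case)
        link.type = tarfile.SYMTYPE
        link.linkname = "/placeholder/outside/file"     # placeholder absolute target
        tar.addfile(link)

        trav = tarfile.TarInfo("../escape.txt")         # '..' traversal in the member name
        tar.addfile(trav, io.BytesIO(b""))

        hard = tarfile.TarInfo("hard")                  # hard link member
        hard.type = tarfile.LNKTYPE
        hard.linkname = "../other/file"
        tar.addfile(hard)
    return buf.getvalue()


def _escapes(base: str, rel: str) -> bool:
    """True if joining rel onto base resolves outside base (pure path logic, no I/O).

    commonpath is used rather than startswith so that "../job2/x" cannot slip
    past a prefix check against ".../job".
    """
    if posixpath.isabs(rel):
        return True
    joined = posixpath.normpath(posixpath.join(base, rel))
    return posixpath.commonpath([base, joined]) != base


def audit_tar(blob: bytes, extract_dir: str = "/uploads/job") -> list:
    """Inspect every member of a gzip tar without extracting anything.

    Returns a list of (kind, member_name, link_target) findings; an empty list
    means the archive contains only regular files and directories that stay
    inside extract_dir.
    """
    findings = []
    base = posixpath.normpath(extract_dir)
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        for m in tar.getmembers():
            if m.issym():
                findings.append(("symlink", m.name, m.linkname))
            elif m.islnk():
                findings.append(("hardlink", m.name, m.linkname))
            elif not (m.isfile() or m.isdir()):
                findings.append(("special", m.name, ""))     # devices, FIFOs, etc.
            if _escapes(base, m.name):
                findings.append(("traversal", m.name, ""))
    return findings


if __name__ == "__main__":
    for kind, name, target in audit_tar(build_fixture()):
        print(f"{kind:10} {name!r} -> {target!r}")
```

Run the audit on the uploaded bytes and refuse the whole upload if any finding comes back; logging the findings also gives a concrete detection signal for an upload endpoint. On Python 3.12 and later (and the security backports to 3.8.17, 3.9.17, 3.10.12 and 3.11.4), `tarfile.extractall(..., filter="data")` performs equivalent checks during extraction, but auditing before extraction keeps the rejection decision and its log entry independent of the interpreter version.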


Conclusion

CVE-2025-25185 highlights the importance of proper file handling and input validation in web applications. By upgrading to the latest version of GPT Academic and implementing secure coding practices, organizations can mitigate the risk of similar vulnerabilities and protect their systems from unauthorized access.



Crow

physics, information technologies, author, educator
