CVE-2025-10236

Summary

A vulnerability has been found in binary-husky gpt_academic up to 3.91. Impacted is the function merge_tex_files_ of the file crazy_functions/latex_fns/latex_toolbox.py of the component LaTeX File Handler. Such manipulation of the argument \input{} leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
binary-huskygpt_academic3.0affected
binary-huskygpt_academic3.1affected
binary-huskygpt_academic3.2affected
binary-huskygpt_academic3.3affected
binary-huskygpt_academic3.4affected
binary-huskygpt_academic3.5affected
binary-huskygpt_academic3.6affected
binary-huskygpt_academic3.7affected
binary-huskygpt_academic3.8affected
binary-huskygpt_academic3.9affected
binary-huskygpt_academic3.10affected
binary-huskygpt_academic3.11affected
binary-huskygpt_academic3.12affected
binary-huskygpt_academic3.13affected
binary-huskygpt_academic3.14affected
binary-huskygpt_academic3.15affected
binary-huskygpt_academic3.16affected
binary-huskygpt_academic3.17affected
binary-huskygpt_academic3.18affected
binary-huskygpt_academic3.19affected
binary-huskygpt_academic3.20affected
binary-huskygpt_academic3.21affected
binary-huskygpt_academic3.22affected
binary-huskygpt_academic3.23affected
binary-huskygpt_academic3.24affected
binary-huskygpt_academic3.25affected
binary-huskygpt_academic3.26affected
binary-huskygpt_academic3.27affected
binary-huskygpt_academic3.28affected
binary-huskygpt_academic3.29affected
binary-huskygpt_academic3.30affected
binary-huskygpt_academic3.31affected
binary-huskygpt_academic3.32affected
binary-huskygpt_academic3.33affected
binary-huskygpt_academic3.34affected
binary-huskygpt_academic3.35affected
binary-huskygpt_academic3.36affected
binary-huskygpt_academic3.37affected
binary-huskygpt_academic3.38affected
binary-huskygpt_academic3.39affected
binary-huskygpt_academic3.40affected
binary-huskygpt_academic3.41affected
binary-huskygpt_academic3.42affected
binary-huskygpt_academic3.43affected
binary-huskygpt_academic3.44affected
binary-huskygpt_academic3.45affected
binary-huskygpt_academic3.46affected
binary-huskygpt_academic3.47affected
binary-huskygpt_academic3.48affected
binary-huskygpt_academic3.49affected
binary-huskygpt_academic3.50affected
binary-huskygpt_academic3.51affected
binary-huskygpt_academic3.52affected
binary-huskygpt_academic3.53affected
binary-huskygpt_academic3.54affected
binary-huskygpt_academic3.55affected
binary-huskygpt_academic3.56affected
binary-huskygpt_academic3.57affected
binary-huskygpt_academic3.58affected
binary-huskygpt_academic3.59affected
binary-huskygpt_academic3.60affected
binary-huskygpt_academic3.61affected
binary-huskygpt_academic3.62affected
binary-huskygpt_academic3.63affected
binary-huskygpt_academic3.64affected
binary-huskygpt_academic3.65affected
binary-huskygpt_academic3.66affected
binary-huskygpt_academic3.67affected
binary-huskygpt_academic3.68affected
binary-huskygpt_academic3.69affected
binary-huskygpt_academic3.70affected
binary-huskygpt_academic3.71affected
binary-huskygpt_academic3.72affected
binary-huskygpt_academic3.73affected
binary-huskygpt_academic3.74affected
binary-huskygpt_academic3.75affected
binary-huskygpt_academic3.76affected
binary-huskygpt_academic3.77affected
binary-huskygpt_academic3.78affected
binary-huskygpt_academic3.79affected
binary-huskygpt_academic3.80affected
binary-huskygpt_academic3.81affected
binary-huskygpt_academic3.82affected
binary-huskygpt_academic3.83affected
binary-huskygpt_academic3.84affected
binary-huskygpt_academic3.85affected
binary-huskygpt_academic3.86affected
binary-huskygpt_academic3.87affected
binary-huskygpt_academic3.88affected
binary-huskygpt_academic3.89affected
binary-huskygpt_academic3.90affected
binary-huskygpt_academic3.91affected

Weaknesses

  • CWE-22: Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References