A vulnerability was found in binary-husky gpt_academic up to 3.91. It has been declared as problematic. The affected function is merge_tex_files_ in the file crazy_functions/latex_fns/latex_toolbox.py of the LaTeX File Handler component. Manipulating the argument input{} leads to path traversal.

This vulnerability is tracked as CVE-2025-10236. The attack can be launched remotely, and an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.
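
As a mitigation sketch for the path traversal described above, the following added example (not gpt_academic's code and not a vendor fix) resolves each input{} target and inlines it only if the resolved path stays inside the project directory. The names `resolve_input` and `merge_tex_contained`, the regex and the sample files are assumptions made for illustration.

```python
import os
import re
import tempfile

# Assumed pattern for this example; not taken from gpt_academic's source.
INPUT_RE = re.compile(r"\\input\{(.*?)\}")

def resolve_input(project_root, name):
    """Return the real path of an input{} target, or None if it leaves project_root."""
    if not name.endswith(".tex"):
        name += ".tex"
    root = os.path.realpath(project_root)
    candidate = os.path.realpath(os.path.join(root, name))
    # Comparing resolved paths catches ../ sequences, absolute paths and symlinks.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate

def merge_tex_contained(project_root, main_text, max_depth=16):
    """Inline input{} files recursively; return (merged_text, skipped_targets)."""
    skipped = []

    def expand(text, depth):
        out, pos = [], 0
        for m in INPUT_RE.finditer(text):
            out.append(text[pos:m.start()])
            pos = m.end()
            path = resolve_input(project_root, m.group(1).strip())
            if path is None or depth >= max_depth or not os.path.isfile(path):
                skipped.append(m.group(1))  # outside root, too deep, or missing
                continue
            with open(path, encoding="utf-8", errors="replace") as f:
                out.append(expand(f.read(), depth + 1))
        out.append(text[pos:])
        return "".join(out)

    return expand(main_text, 0), skipped

if __name__ == "__main__":
    # Constructed sample: a project directory next to a file it must not read.
    with tempfile.TemporaryDirectory() as base:
        proj = os.path.join(base, "proj")
        os.makedirs(proj)
        with open(os.path.join(base, "secret.tex"), "w") as f:
            f.write("OUTSIDE")
        with open(os.path.join(proj, "intro.tex"), "w") as f:
            f.write("Intro text")
        merged, skipped = merge_tex_contained(proj, r"A \input{intro} B \input{../secret} C")
        print(merged)
        print(skipped)
```

Skipped targets are returned rather than silently dropped so the caller can log or reject the upload.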