CVE-2025-0183

Summary

CVE-2025-0183 is a stored cross-site scripting (XSS) vulnerability affecting the Latex Proof-Reading Module of binary-husky/gpt_academic version 3.9.0. An attacker can exploit this flaw by injecting malicious scripts into the `debug_log.html` file, which is generated by the module. When an administrator visits this debug report, the injected scripts are executed, potentially enabling unauthorized actions and data access. This issue poses a serious risk to users, as it allows attackers to gain control over the administrator's session, potentially leading to significant security breaches. It is essential that users immediately update their systems to the latest version to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.