CVE-2025-10236: Path Traversal in binary-husky gpt_academic
A vulnerability has been found in binary-husky gpt_academic up to 3.91. Impacted is the function merge_tex_files_ of the file crazy_functions/latex_fns/latex_toolbox.py of the component LaTeX File Handler. Such manipulation of the argument \input{} leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-10236 is a path traversal vulnerability identified in the binary-husky gpt_academic software, specifically affecting versions up to 3.91. The vulnerability resides in the function merge_tex_files_ within the file crazy_functions/latex_fns/latex_toolbox.py, which is part of the LaTeX File Handler component. The issue arises due to improper sanitization or validation of the argument passed to the \input{} command in LaTeX files. This allows an attacker to manipulate the input path, enabling traversal outside the intended directory structure. Such path traversal can lead to unauthorized access to arbitrary files on the system where gpt_academic is running. The vulnerability can be exploited remotely without requiring user interaction, and no authentication is needed, increasing the risk profile. The vendor was notified early but has not responded or issued a patch, and while public exploit code has not been reported in the wild, the exploit details are publicly available, increasing the likelihood of future exploitation. The CVSS 4.0 score is 5.3 (medium severity), reflecting the network attack vector, low attack complexity, no privileges required, no user interaction, and limited impact on confidentiality only. The vulnerability does not affect integrity or availability directly. The affected product is used for academic or research purposes involving LaTeX document processing, which may be deployed in educational institutions, research organizations, and related environments.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to academic, research, and educational institutions that utilize the gpt_academic software for LaTeX document processing. Successful exploitation could allow attackers to read sensitive files on the host system, potentially exposing confidential research data, intellectual property, or personal information. Although the vulnerability does not directly impact system integrity or availability, unauthorized file disclosure can lead to further targeted attacks or data breaches. Given the remote exploitability and lack of required authentication, attackers could leverage this vulnerability to gain footholds in networks or escalate privileges by harvesting sensitive configuration or credential files. The impact is heightened in environments where gpt_academic is integrated into automated workflows or exposed to untrusted inputs, such as public-facing document submission portals. The absence of vendor response and patches increases the window of exposure, necessitating proactive mitigation by affected organizations.
Mitigation Recommendations
1. Immediate mitigation should include restricting network access to gpt_academic services, limiting exposure to trusted internal networks only.
2. Implement input validation and sanitization at the application or proxy level to block malicious \input{} arguments containing path traversal sequences (e.g., ../).
3. Use containerization or sandboxing to isolate the gpt_academic process, minimizing the impact of potential file access beyond intended directories.
4. Monitor file access logs and system logs for unusual activity indicative of path traversal exploitation attempts.
5. Where possible, replace or upgrade to versions of gpt_academic that have addressed this vulnerability once available.
6. As a temporary workaround, restrict file system permissions of the user running gpt_academic to limit accessible files to only those necessary for operation.
7. Educate users and administrators about the risk of processing untrusted LaTeX inputs and encourage cautious handling of external documents.
8. Employ Web Application Firewalls (WAFs) or Intrusion Detection Systems (IDS) with custom rules to detect and block exploitation attempts targeting \input{} parameters.
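The validation in recommendation 2 is more robust when it checks where an \input{} argument resolves instead of searching the string for ../. The following is an added example, not gpt_academic's own code: resolve_input, merge_tex, UnsafeInputError and the sample file tree are hypothetical names constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Simplified matcher for \input{...}; ignores the brace-less form and % comments.
INPUT_RE = re.compile(r"\\input\{([^{}]*)\}")

class UnsafeInputError(ValueError):
    """An \\input{} target resolves outside the project root."""

def resolve_input(root: Path, arg: str) -> Path:
    """Map an \\input{} argument to a file and confirm it stays under root."""
    name = arg.strip()
    if not name.endswith(".tex"):
        name += ".tex"                      # policy choice: only .tex files are inlined
    root = root.resolve()
    target = (root / name).resolve()        # collapses ../, absolute paths, symlinks
    if not target.is_relative_to(root):     # Python 3.9+
        raise UnsafeInputError(f"\\input{{{arg}}} resolves outside {root}")
    return target

def merge_tex(root: Path, name: str, depth: int = 0, max_depth: int = 16) -> str:
    """Recursively inline \\input{} files, refusing any that escape root."""
    if depth > max_depth:
        raise UnsafeInputError("\\input nesting too deep (include loop?)")
    text = resolve_input(root, name).read_text(encoding="utf-8")
    return INPUT_RE.sub(lambda m: merge_tex(root, m.group(1), depth + 1, max_depth), text)

def demo():
    """Constructed sample tree: one benign project and one traversal attempt."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        project = base / "project"
        (project / "sections").mkdir(parents=True)
        (base / "secret.tex").write_text("OUTSIDE-PROJECT")   # must never be inlined
        (project / "sections" / "intro.tex").write_text("Intro text.")
        (project / "main.tex").write_text("A \\input{sections/intro} B")
        (project / "evil.tex").write_text("X \\input{../secret} Y")
        merged = merge_tex(project, "main")
        try:
            merge_tex(project, "evil")
            blocked = False
        except UnsafeInputError:
            blocked = True
        return merged, blocked

if __name__ == "__main__":
    print(demo())
```

Because the check runs on the resolved path, it also rejects absolute paths and symlinks that point outside the project directory, which a filter on the literal ../ sequence would miss.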
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Belgium, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-09-10T14:15:32.218Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68c229c512193b50d302ecb0
Added to database: 9/11/2025, 1:45:41 AM
Last enriched: 9/11/2025, 2:00:51 AM
Last updated: 9/11/2025, 6:01:04 AM