CVE-2024-12390 HIGH

CVE-2024-12390: Remote Code Execution in binary-husky/gpt_academic

Vendor: Binary-Husky
Product: binary-husky/gpt_academic
Weakness: CWE-59
Published: March 20, 2025
Last update: October 15, 2025

CVSS base score

8.8/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

A vulnerability in binary-husky/gpt_academic version git 310122f allows for remote code execution. The application supports the extraction of user-provided RAR files without proper validation. The Python rarfile module, which supports symlinks, can be exploited to perform arbitrary file writes. This can lead to remote code execution by writing to sensitive files such as SSH keys, crontab files, or the application's own code.
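A pre-extraction check for the archive handling described above, as an added example that is not code from gpt_academic. It assumes the archive listing exposes `filename` and `is_symlink()` as `rarfile.RarInfo` does (rarfile 4.0+); `Member`, `audit_members`, `is_safe_to_extract` and `SAMPLE` are hypothetical names, and the listing is constructed.

```python
import os

class Member:
    """Constructed stand-in mirroring rarfile.RarInfo's filename / is_symlink()."""
    def __init__(self, filename, symlink=False):
        self.filename = filename
        self._symlink = symlink

    def is_symlink(self):
        return self._symlink

def audit_members(members, dest_dir):
    """Return (filename, reason) for every entry that makes extraction unsafe."""
    dest = os.path.realpath(dest_dir)
    findings = []
    for m in members:
        name = m.filename.replace("\\", "/")
        parts = name.split("/")
        if m.is_symlink():
            # A link entry can redirect later entries written "through" it.
            findings.append((m.filename, "symlink entry"))
        elif name.startswith("/") or (len(name) > 1 and name[1] == ":"):
            findings.append((m.filename, "absolute path"))
        elif ".." in parts:
            findings.append((m.filename, "parent traversal"))
        else:
            # Resolve links already on disk (e.g. left by an earlier upload).
            target = os.path.realpath(os.path.join(dest, *parts))
            if os.path.commonpath([dest, target]) != dest:
                findings.append((m.filename, "resolves outside destination"))
    return findings

def is_safe_to_extract(members, dest_dir):
    """Reject the whole archive if any single entry is flagged."""
    return not audit_members(members, dest_dir)

# Constructed listing: one ordinary file, a link entry, a file placed
# under that link, and a traversal path.
SAMPLE = [
    Member("paper/main.tex"),
    Member("keys", symlink=True),
    Member("keys/authorized_keys"),
    Member("../../etc/cron.d/job"),
]
```

With the real module, the `members` argument would be the result of `rarfile.RarFile(path).infolist()`, checked before any extract call and with the upload refused outright on a non-empty result.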

Key dates

02 Disclosure timeline

March 20, 2025: CVE published
October 15, 2025: Record updated