GPT Academic Server-Side Request Forgery Vulnerability in HotReload Plugin

Vulnerability

A Server-Side Request Forgery (SSRF) vulnerability has been identified in GPT Academic version 3.83. This issue arises in the HotReload plugin function, which improperly sanitizes API calls to crazy_utils.get_files_from_everything(). As a result, attackers can exploit this vulnerability to misuse the credentials of the affected GPT Academic instance's Gradio Web server, gaining unauthorized access to web resources.

Impact

Exploitation of this vulnerability allows for Server-Side Request Forgery, enabling attackers to access internal resources or external services on behalf of the vulnerable server.
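One way to vet a user-supplied URL before a server-side fetch of the kind described above. This is an added example, not GPT Academic's code or its fix. The function names, host names and DNS answers are constructed, and it assumes only http(s) URLs should ever be fetched.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

def system_resolve(host):
    """Every address the host name resolves to, using the system resolver."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def is_internal(addr):
    """True for loopback, private, link-local, reserved or multicast addresses."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # judge ::ffff:a.b.c.d by its IPv4 address
    return ip.is_multicast or not ip.is_global

def check_fetch_target(url, resolve=system_resolve):
    """Return (allowed, reason) for a URL the server is about to fetch."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    if not host:
        return False, "no host in URL"
    try:
        addresses = resolve(host)
        # Refuse if ANY resolved address is internal, not only the first one.
        internal = sorted(a for a in addresses if is_internal(a))
    except (OSError, ValueError):
        return False, "host does not resolve to a valid address"
    if not addresses:
        return False, "host has no addresses"
    if internal:
        return False, f"{host} resolves to internal address(es): {internal}"
    return True, "ok"

# Constructed DNS answers so the demo runs offline; the names are hypothetical.
SAMPLE_DNS = {"papers.example": {"8.8.8.8"}, "intranet.example": {"10.0.0.5"},
              "mixed.example": {"8.8.8.8", "127.0.0.1"}}

def sample_resolve(host):
    return SAMPLE_DNS.get(host, {host})  # unknown names are treated as IP literals

if __name__ == "__main__":
    for url in ("https://papers.example/a.pdf", "http://intranet.example/",
                "http://mixed.example/", "http://[::ffff:127.0.0.1]/", "file:///etc/passwd"):
        print(url, check_fetch_target(url, resolve=sample_resolve))
```

The caller should connect to the address that was checked and re-run the check on every redirect, otherwise a second DNS lookup or a 3xx response can still point the request at an internal host.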

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 3.3
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.