A critical remote code execution vulnerability has been identified in multiple GPT Academic products. This flaw allows an unauthenticated remote attacker to execute arbitrary code with the highest system privileges (root), leading to a complete compromise of the affected system. Due to the critical severity and lack of required authentication, immediate remediation is required to prevent potential data theft, system takeover, and further network intrusion.

The vulnerability exists within the run_in_subprocess_wrapper_func function of GPT Academic. The core issue is the insecure deserialization of untrusted data. A remote, unauthenticated attacker can send specially crafted data to the application, which is then processed by this function without proper validation. This allows the attacker's malicious data to be deserialized into executable code, resulting in arbitrary code execution in the context of the root user, granting the attacker full control over the target system.

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation would have a severe business impact, leading to a complete loss of confidentiality, integrity, and availability of the affected system. An attacker could steal sensitive data, deploy ransomware, disrupt critical business operations, destroy data, or use the compromised server as a pivot point to attack other internal network resources. The ability to gain root-level access without authentication makes this an extremely dangerous and easily exploitable flaw.

Immediate Action:

• Apply the security updates provided by the vendor immediately. Update all instances of GPT Academic Multiple Products to the latest version to patch this vulnerability.
• After patching, review system and application access logs for any signs of compromise or suspicious activity preceding the update.

Proactive Monitoring:

• Monitor network traffic for unusual or malformed requests targeting the GPT Academic application, particularly those that may contain serialized data payloads.
• Implement enhanced logging and monitor for any anomalous behavior from the GPT Academic service, such as unexpected child processes, outbound network connections, or errors related to the run_in_subprocess_wrapper_func function.
• Utilize security information and event management (SIEM) systems to create alerts for potential exploitation patterns.

Compensating Controls:

• If patching cannot be performed immediately, restrict network access to the affected services to only trusted IP addresses and subnets.
• Deploy a Web Application Firewall (WAF) with rules designed to inspect and block malicious serialized objects in transit.
• Run the application with the lowest possible user privileges, although the vulnerability context is noted as root, this is a best practice that may limit the impact of other potential flaws.

Public Exploit Available: false

Given the critical CVSS score of 9.8 and the potential for unauthenticated, remote code execution with root privileges, this vulnerability poses a significant and immediate threat to the organization. We strongly recommend that the vendor-supplied patches be applied on an emergency basis to all affected systems. Although there is no evidence of active exploitation at this time, the severity of the flaw makes it a highly attractive target for threat actors, and a public exploit could emerge at any moment. Prioritize patching over implementing compensating controls.