A critical remote code execution vulnerability has been discovered in multiple GPT Academic products. This flaw allows an unauthenticated remote attacker to take complete control of an affected system by uploading a malicious file, which can lead to data theft, service disruption, and further network compromise. Due to its high severity and ease of exploitation, immediate remediation is required.

This vulnerability is an unauthenticated remote code execution flaw located in the file upload functionality of the affected software. The core issue is the insecure deserialization of user-supplied data. An attacker can craft a malicious file and upload it to the application's upload endpoint; the application then deserializes this data without proper validation, executing code embedded within the file with root-level privileges on the target system.

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation would result in a complete compromise of the affected server. An attacker could exfiltrate sensitive data, install ransomware, destroy critical information, or use the compromised system as a pivot point to attack other internal network resources. The potential business impact includes significant data breaches, operational downtime, financial loss, and severe reputational damage.

Immediate Action: Update GPT Academic upload Deserialization of Untrusted Data Remote Code Execution Multiple Products to the latest version. After patching, monitor for any signs of post-exploitation activity and review historical access logs for potential exploitation attempts that may have occurred prior to remediation.

Proactive Monitoring: Organizations should monitor web server and application logs for unusual or malformed requests to the upload endpoint. Security teams should be alert for unexpected processes being spawned by the GPT Academic application, anomalous outbound network traffic from the server, and any unauthorized file modifications.

Compensating Controls: If immediate patching is not feasible, consider implementing the following controls:

• Use a Web Application Firewall (WAF) to inspect and block malicious payloads targeting the upload endpoint.
• Restrict network access to the application, particularly the upload functionality, to only trusted IP addresses.
• Run the application with the least privilege possible to limit the impact of a potential compromise (i.e., not as root).

Public Exploit Available: false

Given the critical CVSS score of 9.8 and the fact that no authentication is required for exploitation, this vulnerability poses an immediate and severe risk to the organization. We strongly recommend that all affected systems be patched immediately. Although this CVE is not currently listed on the CISA KEV catalog, its characteristics make it a likely candidate for future inclusion once active exploitation is observed. Prioritize this patch above all other routine updates.