What is CVE-2025-55149?

## Description A critical path traversal vulnerability (CWE-22) has been identified in the `review_paper` function in `backend/app.py`. The vulnerability allows malicious users to access arbitrary PDF files on the server by providing crafted file paths that bypass the intended security restrictions. ## Impact This vulnerability allows attackers to: - Read any PDF file accessible to the server process - Potentially access sensitive documents outside the intended directory - Perform reconnaissance on the server's file system structure ## Vulnerable Code The issue occurs in the `review_paper` function around line 744: ```python if pdf_path.startswith("/api/files/"): # Safe path handling for API routes relative_path = pdf_path[len("/api/files/"):] generated_base = os.path.join(project_root, "generated") absolute_pdf_path = os.path.join(generated_base, relative_path) else: absolute_pdf_path = pdf_path # VULNERABLE: Direct use of user input ``` ## Proof of Concept ```bash curl -X POST http://localhost:5000/api/review \ -H "Content-Type: application/json" \ -d '{"pdf_path": "/etc/passwd"}' ``` ## Credit This vulnerability was discovered and reported by Ruizhe.

What is the severity of CVE-2025-55149?

CVE-2025-55149 has a CVSS v3 score of 0, which is classified as Low severity.

Is there an exploit available for CVE-2025-55149?

No known public exploits are currently available for CVE-2025-55149.

Is there a patch available for CVE-2025-55149?

Yes, patches are available for CVE-2025-55149. Check the vendor advisories for update instructions.

CVE-2025-55149 - CVE Details, Severity, and Analysis

Severity Scores

CVSS v30.0

CVSS v20.0

Priority Score0.0

EPSS Score0.0

None

Exploitation LikelihoodMinimal

0.00%EPSS

Very low probability of exploitation

Monitor and patch as resources allow

0.00%

EPSS

0.0

CVSS

No

Exploit

Yes

Patch

Low Priority

no major risk factors

EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.

Description

A critical path traversal vulnerability (CWE-22) has been identified in the review_paper function in backend/app.py. The vulnerability allows malicious users to access arbitrary PDF files on the server by providing crafted file paths that bypass the intended security restrictions.

Impact

This vulnerability allows attackers to:

Read any PDF file accessible to the server process
Potentially access sensitive documents outside the intended directory
Perform reconnaissance on the server's file system structure

Vulnerable Code

The issue occurs in the review_paper function around line 744:

if pdf_path.startswith("/api/files/"):
    # Safe path handling for API routes
    relative_path = pdf_path[len("/api/files/"):]
    generated_base = os.path.join(project_root, "generated")
    absolute_pdf_path = os.path.join(generated_base, relative_path)
else:
    absolute_pdf_path = pdf_path  # VULNERABLE: Direct use of user input

Proof of Concept

curl -X POST http://localhost:5000/api/review \
  -H "Content-Type: application/json" \
  -d '{"pdf_path": "/etc/passwd"}'

Credit

This vulnerability was discovered and reported by Ruizhe.

CVSS v3 Breakdown

Attack Vector:-

Attack Complexity:-

Privileges Required:-

User Interaction:-

Scope:-

Confidentiality:-

Integrity:-

Availability:-

Patch References

Github.com