CVE-2024-12388
Published: 20 March 2025
Summary
CVE-2024-12388 is a medium-severity Inefficient Regular Expression Complexity (CWE-1333) vulnerability in Binary-Husky Gpt Academic. Its CVSS base score is 6.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks in the top 35.0% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a referenced public proof-of-concept.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-6998
Vulnerability details
A vulnerability in binary-husky/gpt_academic version 310122f allows for a Regular Expression Denial of Service (ReDoS) attack. The application uses a regular expression to parse user input, which can take polynomial time to match certain crafted inputs. This allows an attacker to send a small malicious payload to the server, causing it to become unresponsive and unable to handle any requests from other users.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The ReDoS vulnerability enables exploitation of the application's regex parsing weakness to cause excessive CPU usage, leading to denial of service on the endpoint.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.