CVE-2025-0191

MEDIUM6.5EPSS 0.28%

Published: 3/20/2025Modified: 5/21/2026

Description

A Denial of Service (DoS) vulnerability exists in the file upload feature of gaizhenbiao/chuanhuchatgpt version 20240914. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large filename, the server becomes overwhelmed and unresponsive, leading to unavailability for legitimate users.

Affected packages (1)

PyPI/chuanhuchatgptfrom 0, <= 20240914

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References (1)

EXPLOIThttps://huntr.com/bounties/c89a1dfd-a733-41b3-af20-6ef6024361eb