Prompt Injection Leading to RCE in Manim Plugin
The `manim` plugin in the `gpt_academic` project is vulnerable to remote code execution (RCE) due to a prompt injection flaw. This vulnerability affects the main branch and has not yet been patched.
Available publicly on Jan 01 2025
Threat Overview
The vulnerability arises from the `manim` plugin in the `gpt_academic` project, which sends user-provided prompts to an LLM and then executes the generated code without proper sandboxing. This can lead to remote code execution (RCE) on the server running the application. The root cause is the lack of input validation and sandboxing when executing LLM-generated code, which allows an attacker to inject malicious code through crafted prompts.
Attack Scenario
An attacker can exploit this vulnerability by crafting a malicious prompt that includes code to be executed on the server. When the `manim` plugin processes this prompt, it generates and executes the injected code, leading to the creation of a file on the server or other malicious actions. For example, an attacker can create a file named `manim_pwned` on the server by including a specific command in the prompt.
Who is affected
Users and administrators of the `gpt_academic` project who have the `manim` plugin installed and are running the main branch are affected by this vulnerability.
Technical Report