Search criteria
8 vulnerabilities found for FastGPT by labring
CVE-2025-62612 (GCVE-0-2025-62612)
Vulnerability from nvd – Published: 2025-10-22 20:45 – Updated: 2025-10-23 17:34
VLAI?
Title
FastGPT File Reading Node SSRF Vulnerability
Summary
FastGPT is an AI Agent building platform. Prior to version 4.11.1, in the workflow file reading node, the network link is not security-verified, posing a risk of SSRF attacks. This issue has been patched in version 4.11.1.
Severity ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62612",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-23T17:31:04.456135Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T17:34:38.855Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FastGPT",
"vendor": "labring",
"versions": [
{
"status": "affected",
"version": "\u003c 4.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FastGPT is an AI Agent building platform. Prior to version 4.11.1, in the workflow file reading node, the network link is not security-verified, posing a risk of SSRF attacks. This issue has been patched in version 4.11.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T20:45:17.363Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/labring/FastGPT/security/advisories/GHSA-573g-3567-8phg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/labring/FastGPT/security/advisories/GHSA-573g-3567-8phg"
}
],
"source": {
"advisory": "GHSA-573g-3567-8phg",
"discovery": "UNKNOWN"
},
"title": "FastGPT File Reading Node SSRF Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-62612",
"datePublished": "2025-10-22T20:45:17.363Z",
"dateReserved": "2025-10-16T19:24:37.268Z",
"dateUpdated": "2025-10-23T17:34:38.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-52552 (GCVE-0-2025-52552)
Vulnerability from nvd – Published: 2025-06-21 02:15 – Updated: 2025-06-23 17:42
VLAI?
Title
FastGPT LastRoute Parameter on Login Page Vulnerable to Open Redirect and DOM-based XSS
Summary
FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute Parameter on login page is vulnerable to open redirect and DOM-based XSS. Improper validation and lack of sanitization of this parameter allows attackers execute malicious JavaScript or redirect them to attacker-controlled sites. This issue has been patched in version 4.9.12.
Severity ?
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52552",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T17:42:22.771061Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T17:42:33.181Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FastGPT",
"vendor": "labring",
"versions": [
{
"status": "affected",
"version": "\u003c 4.9.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute Parameter on login page is vulnerable to open redirect and DOM-based XSS. Improper validation and lack of sanitization of this parameter allows attackers execute malicious JavaScript or redirect them to attacker-controlled sites. This issue has been patched in version 4.9.12."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-21T02:15:07.026Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/labring/FastGPT/security/advisories/GHSA-r976-rfrv-q24m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/labring/FastGPT/security/advisories/GHSA-r976-rfrv-q24m"
},
{
"name": "https://github.com/labring/FastGPT/commit/095b75ee27746004106eddeaa4840688a61ff6eb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/labring/FastGPT/commit/095b75ee27746004106eddeaa4840688a61ff6eb"
}
],
"source": {
"advisory": "GHSA-r976-rfrv-q24m",
"discovery": "UNKNOWN"
},
"title": "FastGPT LastRoute Parameter on Login Page Vulnerable to Open Redirect and DOM-based XSS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-52552",
"datePublished": "2025-06-21T02:15:07.026Z",
"dateReserved": "2025-06-18T03:55:52.034Z",
"dateUpdated": "2025-06-23T17:42:33.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49131 (GCVE-0-2025-49131)
Vulnerability from nvd – Published: 2025-06-09 12:42 – Updated: 2025-06-09 14:40
VLAI?
Title
FastGPT Sandbox Vulnerable to Sandbox Bypass
Summary
FastGPT is an open-source project that provides a platform for building, deploying, and operating AI-driven workflows and conversational agents. The Sandbox container (fastgpt-sandbox) is a specialized, isolated environment used by FastGPT to safely execute user-submitted or dynamically generated code in isolation. The sandbox before version 4.9.11 has insufficient isolation and inadequate restrictions on code execution by allowing overly permissive syscalls, which allows attackers to escape the intended sandbox boundaries. Attackers could exploit this to read and overwrite arbitrary files and bypass Python module import restrictions. This is patched in version 4.9.11 by restricting the allowed system calls to a safer subset and additional descriptive error messaging.
Severity ?
6.3 (Medium)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49131",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T14:29:59.496605Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T14:40:02.668Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FastGPT",
"vendor": "labring",
"versions": [
{
"status": "affected",
"version": "\u003c 4.9.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FastGPT is an open-source project that provides a platform for building, deploying, and operating AI-driven workflows and conversational agents. The Sandbox container (fastgpt-sandbox) is a specialized, isolated environment used by FastGPT to safely execute user-submitted or dynamically generated code in isolation. The sandbox before version 4.9.11 has insufficient isolation and inadequate restrictions on code execution by allowing overly permissive syscalls, which allows attackers to escape the intended sandbox boundaries. Attackers could exploit this to read and overwrite arbitrary files and bypass Python module import restrictions. This is patched in version 4.9.11 by restricting the allowed system calls to a safer subset and additional descriptive error messaging."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T12:42:46.513Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/labring/FastGPT/security/advisories/GHSA-f3pf-r3g7-g895",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/labring/FastGPT/security/advisories/GHSA-f3pf-r3g7-g895"
},
{
"name": "https://github.com/labring/FastGPT/pull/4958",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/labring/FastGPT/pull/4958"
},
{
"name": "https://github.com/labring/FastGPT/commit/bb810a43a1c70683fab7f5fe993771e930a94426",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/labring/FastGPT/commit/bb810a43a1c70683fab7f5fe993771e930a94426"
},
{
"name": "https://github.com/labring/FastGPT/pkgs/container/fastgpt-sandbox",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/labring/FastGPT/pkgs/container/fastgpt-sandbox"
},
{
"name": "https://github.com/labring/FastGPT/releases/tag/v4.9.11",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/labring/FastGPT/releases/tag/v4.9.11"
}
],
"source": {
"advisory": "GHSA-f3pf-r3g7-g895",
"discovery": "UNKNOWN"
},
"title": "FastGPT Sandbox Vulnerable to Sandbox Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-49131",
"datePublished": "2025-06-09T12:42:46.513Z",
"dateReserved": "2025-06-02T10:39:41.633Z",
"dateUpdated": "2025-06-09T14:40:02.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27600 (GCVE-0-2025-27600)
Vulnerability from nvd – Published: 2025-03-06 19:05 – Updated: 2025-03-06 20:04
VLAI?
Title
FastGPT SSRF
Summary
FastGPT is a knowledge-based platform built on the LLMs. Since the web crawling plug-in does not perform intranet IP verification, an attacker can initiate an intranet IP request, causing the system to initiate a request through the intranet and potentially obtain some private data on the intranet. This issue is fixed in 4.9.0.
Severity ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27600",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-06T20:00:38.269427Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-06T20:04:06.433Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FastGPT",
"vendor": "labring",
"versions": [
{
"status": "affected",
"version": "\u003c 4.9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FastGPT is a knowledge-based platform built on the LLMs. Since the web crawling plug-in does not perform intranet IP verification, an attacker can initiate an intranet IP request, causing the system to initiate a request through the intranet and potentially obtain some private data on the intranet. This issue is fixed in 4.9.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-06T19:05:59.684Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/labring/FastGPT/security/advisories/GHSA-vc67-62v5-8cwx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/labring/FastGPT/security/advisories/GHSA-vc67-62v5-8cwx"
}
],
"source": {
"advisory": "GHSA-vc67-62v5-8cwx",
"discovery": "UNKNOWN"
},
"title": "FastGPT SSRF"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-27600",
"datePublished": "2025-03-06T19:05:59.684Z",
"dateReserved": "2025-03-03T15:10:34.078Z",
"dateUpdated": "2025-03-06T20:04:06.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-62612 (GCVE-0-2025-62612)
Vulnerability from cvelistv5 – Published: 2025-10-22 20:45 – Updated: 2025-10-23 17:34
VLAI?
Title
FastGPT File Reading Node SSRF Vulnerability
Summary
FastGPT is an AI Agent building platform. Prior to version 4.11.1, in the workflow file reading node, the network link is not security-verified, posing a risk of SSRF attacks. This issue has been patched in version 4.11.1.
Severity ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62612",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-23T17:31:04.456135Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T17:34:38.855Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FastGPT",
"vendor": "labring",
"versions": [
{
"status": "affected",
"version": "\u003c 4.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FastGPT is an AI Agent building platform. Prior to version 4.11.1, in the workflow file reading node, the network link is not security-verified, posing a risk of SSRF attacks. This issue has been patched in version 4.11.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T20:45:17.363Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/labring/FastGPT/security/advisories/GHSA-573g-3567-8phg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/labring/FastGPT/security/advisories/GHSA-573g-3567-8phg"
}
],
"source": {
"advisory": "GHSA-573g-3567-8phg",
"discovery": "UNKNOWN"
},
"title": "FastGPT File Reading Node SSRF Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-62612",
"datePublished": "2025-10-22T20:45:17.363Z",
"dateReserved": "2025-10-16T19:24:37.268Z",
"dateUpdated": "2025-10-23T17:34:38.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-52552 (GCVE-0-2025-52552)
Vulnerability from cvelistv5 – Published: 2025-06-21 02:15 – Updated: 2025-06-23 17:42
VLAI?
Title
FastGPT LastRoute Parameter on Login Page Vulnerable to Open Redirect and DOM-based XSS
Summary
FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute Parameter on login page is vulnerable to open redirect and DOM-based XSS. Improper validation and lack of sanitization of this parameter allows attackers execute malicious JavaScript or redirect them to attacker-controlled sites. This issue has been patched in version 4.9.12.
Severity ?
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52552",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T17:42:22.771061Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T17:42:33.181Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FastGPT",
"vendor": "labring",
"versions": [
{
"status": "affected",
"version": "\u003c 4.9.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute Parameter on login page is vulnerable to open redirect and DOM-based XSS. Improper validation and lack of sanitization of this parameter allows attackers execute malicious JavaScript or redirect them to attacker-controlled sites. This issue has been patched in version 4.9.12."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-21T02:15:07.026Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/labring/FastGPT/security/advisories/GHSA-r976-rfrv-q24m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/labring/FastGPT/security/advisories/GHSA-r976-rfrv-q24m"
},
{
"name": "https://github.com/labring/FastGPT/commit/095b75ee27746004106eddeaa4840688a61ff6eb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/labring/FastGPT/commit/095b75ee27746004106eddeaa4840688a61ff6eb"
}
],
"source": {
"advisory": "GHSA-r976-rfrv-q24m",
"discovery": "UNKNOWN"
},
"title": "FastGPT LastRoute Parameter on Login Page Vulnerable to Open Redirect and DOM-based XSS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-52552",
"datePublished": "2025-06-21T02:15:07.026Z",
"dateReserved": "2025-06-18T03:55:52.034Z",
"dateUpdated": "2025-06-23T17:42:33.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49131 (GCVE-0-2025-49131)
Vulnerability from cvelistv5 – Published: 2025-06-09 12:42 – Updated: 2025-06-09 14:40
VLAI?
Title
FastGPT Sandbox Vulnerable to Sandbox Bypass
Summary
FastGPT is an open-source project that provides a platform for building, deploying, and operating AI-driven workflows and conversational agents. The Sandbox container (fastgpt-sandbox) is a specialized, isolated environment used by FastGPT to safely execute user-submitted or dynamically generated code in isolation. The sandbox before version 4.9.11 has insufficient isolation and inadequate restrictions on code execution by allowing overly permissive syscalls, which allows attackers to escape the intended sandbox boundaries. Attackers could exploit this to read and overwrite arbitrary files and bypass Python module import restrictions. This is patched in version 4.9.11 by restricting the allowed system calls to a safer subset and additional descriptive error messaging.
Severity ?
6.3 (Medium)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49131",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T14:29:59.496605Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T14:40:02.668Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FastGPT",
"vendor": "labring",
"versions": [
{
"status": "affected",
"version": "\u003c 4.9.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FastGPT is an open-source project that provides a platform for building, deploying, and operating AI-driven workflows and conversational agents. The Sandbox container (fastgpt-sandbox) is a specialized, isolated environment used by FastGPT to safely execute user-submitted or dynamically generated code in isolation. The sandbox before version 4.9.11 has insufficient isolation and inadequate restrictions on code execution by allowing overly permissive syscalls, which allows attackers to escape the intended sandbox boundaries. Attackers could exploit this to read and overwrite arbitrary files and bypass Python module import restrictions. This is patched in version 4.9.11 by restricting the allowed system calls to a safer subset and additional descriptive error messaging."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T12:42:46.513Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/labring/FastGPT/security/advisories/GHSA-f3pf-r3g7-g895",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/labring/FastGPT/security/advisories/GHSA-f3pf-r3g7-g895"
},
{
"name": "https://github.com/labring/FastGPT/pull/4958",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/labring/FastGPT/pull/4958"
},
{
"name": "https://github.com/labring/FastGPT/commit/bb810a43a1c70683fab7f5fe993771e930a94426",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/labring/FastGPT/commit/bb810a43a1c70683fab7f5fe993771e930a94426"
},
{
"name": "https://github.com/labring/FastGPT/pkgs/container/fastgpt-sandbox",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/labring/FastGPT/pkgs/container/fastgpt-sandbox"
},
{
"name": "https://github.com/labring/FastGPT/releases/tag/v4.9.11",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/labring/FastGPT/releases/tag/v4.9.11"
}
],
"source": {
"advisory": "GHSA-f3pf-r3g7-g895",
"discovery": "UNKNOWN"
},
"title": "FastGPT Sandbox Vulnerable to Sandbox Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-49131",
"datePublished": "2025-06-09T12:42:46.513Z",
"dateReserved": "2025-06-02T10:39:41.633Z",
"dateUpdated": "2025-06-09T14:40:02.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27600 (GCVE-0-2025-27600)
Vulnerability from cvelistv5 – Published: 2025-03-06 19:05 – Updated: 2025-03-06 20:04
VLAI?
Title
FastGPT SSRF
Summary
FastGPT is a knowledge-based platform built on the LLMs. Since the web crawling plug-in does not perform intranet IP verification, an attacker can initiate an intranet IP request, causing the system to initiate a request through the intranet and potentially obtain some private data on the intranet. This issue is fixed in 4.9.0.
Severity ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27600",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-06T20:00:38.269427Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-06T20:04:06.433Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FastGPT",
"vendor": "labring",
"versions": [
{
"status": "affected",
"version": "\u003c 4.9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FastGPT is a knowledge-based platform built on the LLMs. Since the web crawling plug-in does not perform intranet IP verification, an attacker can initiate an intranet IP request, causing the system to initiate a request through the intranet and potentially obtain some private data on the intranet. This issue is fixed in 4.9.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-06T19:05:59.684Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/labring/FastGPT/security/advisories/GHSA-vc67-62v5-8cwx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/labring/FastGPT/security/advisories/GHSA-vc67-62v5-8cwx"
}
],
"source": {
"advisory": "GHSA-vc67-62v5-8cwx",
"discovery": "UNKNOWN"
},
"title": "FastGPT SSRF"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-27600",
"datePublished": "2025-03-06T19:05:59.684Z",
"dateReserved": "2025-03-03T15:10:34.078Z",
"dateUpdated": "2025-03-06T20:04:06.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}