Unrated severity · NVD Advisory · Published Mar 6, 2025 · Updated Mar 6, 2025
FastGPT SSRF
CVE-2025-27600
Description
FastGPT is a knowledge-based platform built on LLMs. Because the web crawling plug-in does not perform intranet IP verification, an attacker can have it request an intranet IP address (server-side request forgery, SSRF). The system then issues that request from inside the intranet, potentially exposing some private data on the intranet to the attacker. This issue is fixed in 4.9.0.
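The kind of intranet IP verification the description says was missing, as an added example (not FastGPT's code and not its 4.9.0 fix). `isCrawlTargetAllowed`, its `resolved` parameter and the baseline range list are assumptions made for this sketch; sample addresses are constructed.

```javascript
// Baseline blocked IPv4 ranges: "this network", RFC 1918, CGNAT, loopback, link-local.
const BLOCKED_V4 = [['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16]];

function v4ToInt(ip) {
  const p = ip.split('.');
  if (p.length !== 4 || !p.every((o) => /^\d{1,3}$/.test(o) && Number(o) <= 255)) return null;
  return p.reduce((acc, o) => acc * 256 + Number(o), 0);
}

function isBlockedV4(ip) {
  const n = v4ToInt(ip);
  if (n === null) return true; // unparseable: fail closed
  return BLOCKED_V4.some(([base, bits]) => {
    const size = 2 ** (32 - bits);
    return Math.floor(n / size) === Math.floor(v4ToInt(base) / size);
  });
}

function v6Groups(ip) {
  let host; // the WHATWG URL parser canonicalises IPv6, including dotted IPv4 tails
  try { host = new URL(`http://[${ip}]/`).hostname.slice(1, -1); } catch { return null; }
  const [head, tail] = host.split('::');
  const h = head ? head.split(':') : [];
  const t = tail ? tail.split(':') : [];
  const gap = host.includes('::') ? Array(8 - h.length - t.length).fill('0') : [];
  return [...h, ...gap, ...t].map((g) => parseInt(g, 16));
}

function isBlockedV6(ip) {
  const g = v6Groups(ip);
  if (!g || g.length !== 8) return true; // unparseable (e.g. zone id): fail closed
  if (g.slice(0, 7).every((x) => x === 0) && g[7] <= 1) return true; // :: and ::1
  if (g.slice(0, 5).every((x) => x === 0) && g[5] === 0xffff) { // IPv4-mapped
    return isBlockedV4([g[6] >> 8, g[6] & 255, g[7] >> 8, g[7] & 255].join('.'));
  }
  return (g[0] & 0xfe00) === 0xfc00 || (g[0] & 0xffc0) === 0xfe80; // ULA, link-local
}

// `resolved` is a hypothetical parameter: the addresses DNS returned for the host.
function isCrawlTargetAllowed(rawUrl, resolved = []) {
  let url;
  try { url = new URL(rawUrl); } catch { return false; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return false;
  const host = url.hostname; // already normalised, so 0x7f.1 arrives as 127.0.0.1
  const literal = host.startsWith('[') ? host.slice(1, -1) : v4ToInt(host) !== null ? host : null;
  const addrs = literal ? [literal] : resolved;
  return addrs.length > 0 && addrs.every((a) => !(a.includes(':') ? isBlockedV6(a) : isBlockedV4(a)));
}
```

The check only holds if the fetcher then connects to the address that was validated and repeats the check on every redirect hop; resolving the name a second time at connect time lets the answer change between check and use.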
Affected products (1)
Patches (0)
No patches discovered yet.
References (1)
- github.com/labring/FastGPT/security/advisories/GHSA-vc67-62v5-8cwx (mitre, x_refsource_CONFIRM)