VYPR
Moderate severity · NVD Advisory · Published Apr 18, 2025 · Updated Apr 22, 2025

CVE-2025-28197

Description

Crawl4AI <=0.4.247 contains a Server-Side Request Forgery (SSRF) vulnerability in async_dispatcher.py, allowing an attacker to make the server issue internal network requests.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

Crawl4AI is an open-source LLM-friendly web crawler and scraper [1]. In versions up to and including 0.4.247, the async_dispatcher.py module contains a Server-Side Request Forgery (SSRF) flaw [2]. The root cause is that user-supplied input is not sufficiently validated before being used to construct outbound HTTP requests from the server, enabling an attacker to specify arbitrary internal or external URLs [3].

Exploitation

An attacker can exploit this by sending a crafted request to the Crawl4AI service that triggers the vulnerable dispatcher logic. No authentication is required if the service is exposed; the attacker only needs network access to the target instance. By manipulating parameters that control the target URL, the server can be coerced into sending requests to internal IPs, cloud metadata endpoints, or other restricted services [3].

Impact

A successful SSRF attack can lead to unauthorized access to internal network resources, such as cloud instance metadata (e.g., AWS, GCP), internal APIs, or other services that should not be reachable from the internet. This can result in information disclosure, credential theft, and lateral movement within the infrastructure [3].

Mitigation

The vulnerability affects Crawl4AI version 0.4.247 and earlier. Users should upgrade to a patched version if available. The official GitHub repository may provide updates; as of this writing, no explicit patch link is provided in the references, but the project is actively maintained [1]. Operators should also restrict network access to the Crawl4AI service and apply input validation rules to prevent SSRF.

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
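The mitigation section above recommends input validation to prevent SSRF. The following is an added example, not code from Crawl4AI or its advisory, of a pre-dispatch URL check in Python: it restricts schemes, resolves the hostname, and rejects any URL that lands on loopback, private, link-local (which includes the 169.254.169.254 metadata address), multicast or reserved space, including IP literals, IPv6 and IPv4-mapped forms. The hostname blocklist and the injectable resolver are assumptions of this example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Hostnames that commonly point at loopback or cloud metadata services.
# Constructed for this example; extend it for your own environment.
BLOCKED_HOSTNAMES = {"localhost", "metadata", "metadata.google.internal"}


def _is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def _default_resolver(host):
    # Return every A and AAAA record; one private record is enough to reject.
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def is_public_address(ip):
    """True only for routable addresses: rejects RFC 1918, loopback,
    link-local (including 169.254.169.254), multicast and reserved space."""
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped  # ::ffff:10.0.0.1 is really 10.0.0.1
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def check_crawl_target(url, resolver=_default_resolver):
    """Return (ok, reason); run this before the dispatcher issues the request."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    host = parts.hostname  # lower-cased, IPv6 brackets already stripped
    if not host:
        return False, "missing host"
    if host in BLOCKED_HOSTNAMES:
        return False, f"blocked hostname: {host}"
    try:
        addrs = [host] if _is_ip_literal(host) else resolver(host)
    except OSError as exc:  # socket.gaierror on DNS failure
        return False, f"cannot resolve {host}: {exc}"
    if not addrs or not all(is_public_address(ip) for ip in addrs):
        return False, f"{host} does not resolve only to public addresses: {addrs}"
    return True, "ok"
```

Apply the check again on every redirect hop, and connect to the address that was validated rather than re-resolving the name, otherwise a DNS answer that changes between check and connect defeats the filter.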

Affected packages

Versions sourced from the GitHub Security Advisory.

Package          | Ecosystem | Affected versions | Patched versions
Crawl4AI         | PyPI      | <= 0.4.247        |

Affected products: 2

Patches: 0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References: 3

News mentions: 0

No linked articles in our index yet.