Medium severity6.3OSV Advisory· Published Aug 26, 2025· Updated Apr 15, 2026
CVE-2025-57818
CVE-2025-57818
Description
Firecrawl turns entire websites into LLM-ready markdown or structured data. Prior to version 2.0.1, a server-side request forgery (SSRF) vulnerability was discovered in Firecrawl's webhook functionality. Authenticated users could configure a webhook to an internal URL and send POST requests with arbitrary headers, which may have allowed access to internal systems. This has been fixed in version 2.0.1. If upgrading is not possible, it is recommend to isolate Firecrawl from any sensitive internal systems.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
21.4.1, v.1.3.0, v1.0.0, …+ 1 more
- (no CPE)range: 1.4.1, v.1.3.0, v1.0.0, …
- (no CPE)range: <2.0.1
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.