VYPR
Medium severity6.3OSV Advisory· Published Aug 26, 2025· Updated Apr 15, 2026

CVE-2025-57818

CVE-2025-57818

Description

Firecrawl turns entire websites into LLM-ready markdown or structured data. Prior to version 2.0.1, a server-side request forgery (SSRF) vulnerability was discovered in Firecrawl's webhook functionality. Authenticated users could configure a webhook to an internal URL and send POST requests with arbitrary headers, which may have allowed access to internal systems. This has been fixed in version 2.0.1. If upgrading is not possible, it is recommend to isolate Firecrawl from any sensitive internal systems.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Mendableai/FirecrawlOSV2 versions
    1.4.1, v.1.3.0, v1.0.0, …+ 1 more
    • (no CPE)range: 1.4.1, v.1.3.0, v1.0.0, …
    • (no CPE)range: <2.0.1

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.