High severity8.5OSV Advisory· Published Nov 25, 2025· Updated Apr 15, 2026

CVE-2025-62155

Description

New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.9.6, a recently patched SSRF vulnerability contains a bypass method that can bypass the existing security fix and still allow SSRF to occur. Because the existing fix only applies security restrictions to the first URL request, a 302 redirect can bypass existing security measures and successfully access the intranet. This issue has been patched in version 0.9.6.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
github.com/QuantumNous/new-apiGo	< 0.9.6	0.9.6

Affected products

Quantumnous/New APIOSV

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-9f46-w24h-69w4ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-62155ghsaADVISORY
github.com/QuantumNous/new-api/commit/e8966c73746d35bb7f4f014ad1195a96d445cacdghsaWEB
github.com/QuantumNous/new-api/security/advisories/GHSA-9f46-w24h-69w4nvdWEB

News mentions

No linked articles in our index yet.

cvss	0.552
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000