VYPR
High severity8.5OSV Advisory· Published Nov 25, 2025· Updated Apr 15, 2026

CVE-2025-62155

CVE-2025-62155

Description

New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.9.6, a recently patched SSRF vulnerability contains a bypass method that can bypass the existing security fix and still allow SSRF to occur. Because the existing fix only applies security restrictions to the first URL request, a 302 redirect can bypass existing security measures and successfully access the intranet. This issue has been patched in version 0.9.6.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/QuantumNous/new-apiGo
< 0.9.60.9.6

Affected products

3

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.

CVE-2025-62155 · High · VYPR