CVE-2025-62505
BaseFortify
Publication date: 2025-10-17
Last updated on: 2025-10-21
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| lobehub | lobe-chat | 1.136.2 |
| lobehub | lobe-chat | 1.136.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-62505 is a Server-Side Request Forgery (SSRF) vulnerability in the LobeChat open source chat application, specifically in the web-crawler package version 1.136.1. It occurs when a client sends an arbitrary list of URLs along with the implementation parameter set to 'naive' to the tools.search.crawlPages tRPC endpoint. The server then fetches these URLs without validating or restricting access to internal network addresses such as localhost, private IP ranges, or cloud metadata endpoints. This allows an attacker with a valid user token or a development mode bypass header to make the server retrieve and disclose data from internal HTTP services, potentially exposing sensitive internal API data or cloud metadata credentials. The issue is fixed in version 1.136.2. [1]
How can this vulnerability impact me?
This vulnerability can allow an attacker to access internal network resources that are normally inaccessible from outside, such as internal APIs, management ports, and cloud metadata services. This can lead to exposure of confidential information, leakage of authentication tokens or secret keys, unauthorized access to administrative interfaces, and potential lateral movement within the network. Essentially, it compromises the confidentiality of internal systems by allowing an attacker to make the server perform unauthorized requests to internal endpoints. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for tRPC POST requests to the tools.search.crawlPages endpoint whose JSON body carries an arbitrary 'urls' array and an 'impls' value containing 'naive'. In development mode, detection can also focus on requests carrying the header 'lobe-auth-dev-backend-api: 1'. A proof-of-concept involves sending such a request and observing whether the server fetches internal URLs like 'http://localhost:8889/internal-api'. Network detection could involve inspecting outbound HTTP requests from the server to internal IP addresses (e.g., 127.0.0.1, private IP ranges) or cloud metadata endpoints (169.254.169.254). Specific commands depend on your environment, but examples include using curl to simulate the exploit or network monitoring tools to detect unusual outbound requests to internal addresses. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update LobeChat to version 1.136.2 or later, where this vulnerability is fixed. There are no known workarounds. Additionally, restrict access to the vulnerable tRPC endpoint by limiting valid user tokens and disabling development mode or the 'lobe-auth-dev-backend-api' header usage in production environments. Monitoring and blocking outbound HTTP requests to internal IP ranges and metadata endpoints from the server can also help reduce risk until the update is applied. [1]
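Added example, not code from LobeChat or from the fix shipped in 1.136.2: a Node.js destination guard of the kind the mitigation above describes, applied to a client-supplied `urls` array before any fetch. The function names and the `BLOCKED_NAMES` list are assumptions; the block shows that the WHATWG URL parser canonicalises numeric host encodings before the check and that DNS names still need their resolved addresses checked.

```javascript
// Added example (not LobeChat's code): a crawl-destination guard. A URL passes only if
// its scheme is http(s) and its host is not loopback, private, link-local (incl. the
// 169.254.169.254 cloud-metadata address) or otherwise non-public.
const BLOCKED_NAMES = new Set(["localhost", "metadata.google.internal"]); // assumed deny-list

function parseIPv4(s) {
  const o = /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/.test(s) ? s.split(".").map(Number) : null;
  return o && o.every((n) => n <= 255) ? o : null;
}

function isPublicIPv4([a, b]) {
  return !(a === 0 || a === 10 || a === 127 || a >= 224 ||              // 0/8, 10/8, loopback, multicast+reserved
    (a === 100 && b >= 64 && b <= 127) || (a === 169 && b === 254) ||   // 100.64/10, link-local + cloud metadata
    (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168));     // 172.16/12, 192.168/16
}

// ip: an IPv4/IPv6 literal as URL.hostname yields it (brackets stripped) or as a resolver returns it.
function isPublicAddress(ip) {
  const v4 = parseIPv4(ip);
  if (v4) return isPublicIPv4(v4);
  const h = ip.toLowerCase();
  const mapped = /^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/.exec(h); // IPv4-mapped IPv6 (URL serialises it as hex)
  if (mapped) {
    const hi = parseInt(mapped[1], 16), lo = parseInt(mapped[2], 16);
    return isPublicIPv4([hi >> 8, hi & 255, lo >> 8, lo & 255]);
  }
  return !(h === "::1" || h === "::" || /^f[cd]/.test(h) || /^fe[89ab]/.test(h)); // loopback, ULA, link-local
}

// Decide for one client-supplied URL. Returns a rejection reason, or null if it may be fetched.
function rejectReason(raw) {
  let u;
  try { u = new URL(raw); } catch { return "unparseable URL"; }
  if (u.protocol !== "http:" && u.protocol !== "https:") return `scheme ${u.protocol} not allowed`;
  // The URL parser already canonicalises 2130706433, 0x7f.1 and 127.1 to 127.0.0.1, so one form is checked.
  const host = u.hostname.replace(/^\[|\]$/g, "");
  if (BLOCKED_NAMES.has(host)) return `blocked hostname ${host}`;
  if ((/^[\d.]+$/.test(host) || host.includes(":")) && !isPublicAddress(host)) return `non-public address ${host}`;
  return null; // DNS name: resolve it, check every address with isPublicAddress(), and re-run this on redirects
}

// Split the `urls` array a crawlPages-style endpoint receives into fetchable and refused entries.
function filterCrawlUrls(urls) {
  const out = { allowed: [], refused: [] };
  for (const url of urls) {
    const reason = rejectReason(url);
    reason ? out.refused.push({ url, reason }) : out.allowed.push(url);
  }
  return out;
}
```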