CVE-2025-62612
BaseFortify
Publication date: 2025-10-22
Last updated on: 2025-12-29
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fastgpt | fastgpt | to 4.11.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
Upgrade FastGPT to version 4.11.1 or later, as this version includes a patch that verifies network links in the workflow file reading node to prevent SSRF attacks.
How can this vulnerability impact me? :
The vulnerability can allow attackers to exploit the system by making unauthorized network requests through the vulnerable FastGPT workflow node. This can lead to unauthorized access to internal systems, data exposure, or further attacks within the network.
Can you explain this vulnerability to me?
This vulnerability in FastGPT prior to version 4.11.1 involves the workflow file reading node not verifying the security of network links, which allows for Server-Side Request Forgery (SSRF) attacks. SSRF attacks enable an attacker to make unauthorized requests from the vulnerable server to internal or external systems.