CVE-2025-27600
Published: Mar 6, 2025
Modified: Mar 6, 2025
PUBLISHED
Description
FastGPT is a knowledge-based platform built on LLMs. Because the web crawling plug-in does not perform intranet IP verification, an attacker can submit a request that targets an intranet IP address, causing the system to issue the request from inside the intranet and potentially obtain private data on the intranet. This issue is fixed in 4.9.0.
| Vendor | Product | Versions |
|---|---|---|
| labring | FastGPT | affected < 4.9.0 |
Weaknesses (CWE)
References
https://github.com/labring/FastGPT/security/advisories/GHSA-vc67-62v5-8cwx
x_refsource_CONFIRM