QwikSec

Security Database

CVE

CWE

Training

CVE-2025-52552

Published: Jun 21, 2025

Modified: Jun 23, 2025

PUBLISHED

Description

FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute Parameter on login page is vulnerable to open redirect and DOM-based XSS. Improper validation and lack of sanitization of this parameter allows attackers execute malicious JavaScript or redirect them to attacker-controlled sites. This issue has been patched in version 4.9.12.

Vendor	Product	Versions
labring	FastGPT	affected `< 4.9.12`

Weaknesses (CWE)

References

https://github.com/labring/FastGPT/security/advisories/GHSA-r976-rfrv-q24m

x_refsource_CONFIRM

https://github.com/labring/FastGPT/commit/095b75ee27746004106eddeaa4840688a61ff6eb

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.