QwikSec

Security Database

CVE

CWE

Training

CVE-2025-57818

Published: Aug 26, 2025

Modified: Aug 26, 2025

PUBLISHED

CVSS v3.1

6.3

MEDIUM

Description

Firecrawl turns entire websites into LLM-ready markdown or structured data. Prior to version 2.0.1, a server-side request forgery (SSRF) vulnerability was discovered in Firecrawl's webhook functionality. Authenticated users could configure a webhook to an internal URL and send POST requests with arbitrary headers, which may have allowed access to internal systems. This has been fixed in version 2.0.1. If upgrading is not possible, it is recommend to isolate Firecrawl from any sensitive internal systems.

Vendor	Product	Versions
firecrawl	firecrawl	affected `< 2.0.1`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

References

https://github.com/firecrawl/firecrawl/security/advisories/GHSA-p2wg-prhf-jx79

x_refsource_CONFIRM

https://github.com/firecrawl/firecrawl/commit/b15fae51a760e9810a66bbfde5d5693d0df3fbeb

x_refsource_MISC

https://github.com/firecrawl/firecrawl/commit/e8cf0985b07968061a6b684b58097732e827ed46

x_refsource_MISC

https://github.com/firecrawl/firecrawl/releases/tag/v2.0.1

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.