CVE-2025-27600

Vulnerability Description

FastGPT is a knowledge-based platform built on the LLMs. Since the web crawling plug-in does not perform intranet IP verification, an attacker can initiate an intranet IP request, causing the system to initiate a request through the intranet and potentially obtain some private data on the intranet. This issue is fixed in 4.9.0.

Vulnerability Details

Published Date

March 06, 2025

Last Modified

March 06, 2025

Source

MITRE

Vendor

labring

Product

FastGPT

External References

https://github.com/labring/FastGPT/security/advisories/GHSA-vc67-62v5-8cwx

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment