CVE-2025-62612
- EPSS 0.22%
- Published 22.10.2025 20:45:17
- Last modified 29.12.2025 19:08:53
FastGPT is an AI Agent building platform. Prior to version 4.11.1, in the workflow file reading node, the network link is not security-verified, posing a risk of SSRF attacks. This issue has been patched in version 4.11.1.
CVE-2025-52552
- EPSS 0.23%
- Published 21.06.2025 02:15:07
- Last modified 29.12.2025 19:06:40
FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute Parameter on login page is vulnerable to open redirect and DOM-based XSS. Improper validation and lack of sanitization of this parameter allows attackers to execute malicio...
CVE-2025-49131
- EPSS 0.37%
- Published 09.06.2025 12:42:46
- Last modified 29.12.2025 19:09:21
FastGPT is an open-source project that provides a platform for building, deploying, and operating AI-driven workflows and conversational agents. The Sandbox container (fastgpt-sandbox) is a specialized, isolated environment used by FastGPT to safely ...
CVE-2025-27600
- EPSS 0.25%
- Published 06.03.2025 19:15:28
- Last modified 29.12.2025 19:09:01
FastGPT is a knowledge-based platform built on LLMs. Since the web crawling plug-in does not perform intranet IP verification, an attacker can initiate an intranet IP request, causing the system to initiate a request through the intranet and pote...