FastGPT Intranet SSRF Vulnerability Allowing Access to Private Data

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in FastGPT versions prior to 4.9.0. The web crawling plugin fetches user-supplied URLs without checking whether the target resolves to an intranet (private-range) IP address. An attacker who can submit a URL to the crawler can therefore make the FastGPT server issue requests to hosts on its internal network and read back the responses, potentially exposing private data.
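As an added illustration that is not FastGPT's own code: the check the advisory says was missing, written as a TypeScript validator that a crawling plugin would run before fetching a user-supplied URL. It resolves the hostname, rejects any answer in a loopback, private, link-local, multicast or reserved range (including IPv4-mapped IPv6 forms), and returns the validated addresses so the caller can connect to exactly those rather than re-resolving. The hostnames, the `demoResolver` answers and the function names are constructed for this example; in production the resolver would be `dns.promises.lookup(host, { all: true })`.

```typescript
// Added example, not FastGPT code. `Resolver` is injected so the example runs
// offline; real code would wrap dns.promises.lookup(host, { all: true }).
type Resolver = (host: string) => string[];

interface CrawlDecision {
  ok: boolean;
  reason: string;
  pinned: string[]; // addresses the fetch must connect to; never re-resolve
}

// Non-public IPv4 ranges a crawler must never reach.
const BLOCKED_V4: Array<[string, number]> = [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.0.0.0", 24],
  ["192.168.0.0", 16], ["198.18.0.0", 15], ["224.0.0.0", 4], ["240.0.0.0", 4],
];

// Strict dotted-quad parser; returns the address as an unsigned 32-bit number.
function parseIPv4(s: string): number | null {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  let n = 0;
  for (let i = 1; i <= 4; i++) {
    const octet = Number(m[i]);
    if (octet > 255) return null;
    n = (n << 8) | octet;
  }
  return n >>> 0;
}

function inCidrV4(addr: number, base: string, bits: number): boolean {
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((addr & mask) >>> 0) === ((parseIPv4(base)! & mask) >>> 0);
}

function isPrivateV4(addr: number): boolean {
  return BLOCKED_V4.some(([base, bits]) => inCidrV4(addr, base, bits));
}

// Expand an IPv6 literal (optionally ending in dotted IPv4) into 8 groups.
function parseIPv6(s: string): number[] | null {
  let str = s;
  if (str.includes(".")) {                 // e.g. ::ffff:10.0.0.1
    const cut = str.lastIndexOf(":");
    const v4 = parseIPv4(str.slice(cut + 1));
    if (v4 === null) return null;
    str = str.slice(0, cut + 1) + (v4 >>> 16).toString(16) + ":" + (v4 & 0xffff).toString(16);
  }
  const halves = str.split("::");
  if (halves.length > 2) return null;
  const head = halves[0] === "" ? [] : halves[0].split(":");
  const tail = halves.length === 2 && halves[1] !== "" ? halves[1].split(":") : [];
  const fill = 8 - head.length - tail.length;
  if (fill < 0 || (halves.length === 1 && fill !== 0)) return null;
  const out: number[] = [];
  for (const g of [...head, ...new Array<string>(fill).fill("0"), ...tail]) {
    if (!/^[0-9a-fA-F]{1,4}$/.test(g)) return null;
    out.push(parseInt(g, 16));
  }
  return out;
}

function isPrivateV6(g: number[]): boolean {
  const mapped = g.slice(0, 5).every((x) => x === 0) && g[5] === 0xffff;
  if (mapped) return isPrivateV4(((g[6] << 16) | g[7]) >>> 0); // judge the embedded IPv4
  const loopOrUnspecified = g.slice(0, 7).every((x) => x === 0) && g[7] <= 1;
  return loopOrUnspecified
    || (g[0] & 0xfe00) === 0xfc00   // fc00::/7 unique local
    || (g[0] & 0xffc0) === 0xfe80   // fe80::/10 link-local
    || (g[0] & 0xff00) === 0xff00;  // ff00::/8 multicast
}

function isPrivateAddress(ip: string): boolean {
  const v4 = parseIPv4(ip);
  if (v4 !== null) return isPrivateV4(v4);
  const v6 = parseIPv6(ip);
  if (v6 !== null) return isPrivateV6(v6);
  return true; // unparseable answer: fail closed
}

// The vulnerable shape is simply fetch(rawUrl). This is the hardened gate.
function checkCrawlTarget(rawUrl: string, resolve: Resolver): CrawlDecision {
  let url: URL;
  try { url = new URL(rawUrl); } catch { return { ok: false, reason: "malformed URL", pinned: [] }; }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { ok: false, reason: `scheme ${url.protocol} not allowed`, pinned: [] };
  }
  // WHATWG parsing has already normalised IPv4 tricks such as 0x7f.1 or a bare
  // decimal integer to dotted form; IPv6 literals arrive in brackets.
  const host = url.hostname.startsWith("[") ? url.hostname.slice(1, -1) : url.hostname;
  const isLiteral = parseIPv4(host) !== null || parseIPv6(host) !== null;
  const addresses = isLiteral ? [host] : resolve(host);
  if (addresses.length === 0) return { ok: false, reason: "unresolvable host", pinned: [] };
  const bad = addresses.find((a) => isPrivateAddress(a)); // any private answer fails
  if (bad !== undefined) return { ok: false, reason: `resolves to non-public address ${bad}`, pinned: [] };
  return { ok: true, reason: "public", pinned: addresses };
}

// Constructed DNS answers for the demo (not real records).
const demoResolver: Resolver = (host) => {
  const table: Record<string, string[]> = {
    "docs.example.com": ["203.0.113.10"],
    "intranet.corp.example": ["10.0.0.5"],
    "rebind.attacker.example": ["203.0.113.10", "127.0.0.1"],
  };
  return table[host] ?? [];
};

for (const u of ["http://docs.example.com/page", "http://intranet.corp.example/",
                 "http://rebind.attacker.example/", "http://[::ffff:10.0.0.1]/admin"]) {
  const d = checkCrawlTarget(u, demoResolver);
  console.log(`${d.ok ? "ALLOW" : "BLOCK"} ${u} (${d.reason})`);
}
```

Two points matter beyond the range check itself. The fetch must use the `pinned` addresses (in Node, via the `lookup` option of an `http.Agent`) rather than resolving the name a second time, otherwise an attacker-controlled DNS record can answer with a public address for the check and a private one for the connection. And because a public host can redirect to an internal one, redirects have to be followed manually and each hop passed through the same gate.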

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive intranet data. Because the requests originate from the FastGPT server, internal services that are reachable only from its network become reachable to the attacker through it.

Remediation

Users can upgrade to FastGPT version 4.9.0 or later to address this vulnerability. Until the upgrade is applied, restricting egress from the host that runs the crawler so it cannot reach internal address ranges limits what the plugin can fetch.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating (custom algorithm)

spread          0.0
impact          2.5
exploitability  7.4
remediation     7.7
relevance       0.0
threat          0.0
urgency         2.9
incentive       5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.