CVE-2025-62612

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-62612

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62612.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-62612

Aliases

GHSA-573g-3567-8phg

Published

2025-10-22T20:45:17.363Z

Modified

2026-04-10T05:33:12.014387Z

Severity

6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N CVSS Calculator

Summary

FastGPT File Reading Node SSRF Vulnerability

Details

FastGPT is an AI Agent building platform. Prior to version 4.11.1, in the workflow file reading node, the network link is not security-verified, posing a risk of SSRF attacks. This issue has been patched in version 4.11.1.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-918"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/62xxx/CVE-2025-62612.json"
}

References

Affected packages

Git / github.com/labring/fastgpt

Affected ranges

Type: GIT
Repo: https://github.com/labring/fastgpt
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

37648d5c718bcb12bd85512e04f1a0aa065e001d

Affected versions

4.*

4.8.9-alpha

Other

delete

v0.*

v0.9

v1.*

v1.2

v1.4

v2.*

v2.0

v2.1

v2.2

v2.3

v2.4

v2.5

v2.6

v2.7

v2.7.1

v2.7.2

v2.8

v2.8.5

v2.9

v3.*

v3.0

v3.1

v3.2

v3.3

v3.4

v3.5

v3.7

v3.7.1

v3.7.3

v3.8

v3.8.1

v3.8.3

v3.8.4

v3.8.5

v3.8.6

v3.8.7

v3.8.8

v3.8.9

v3.9

v3.9.1

v3.9.2

v3.9.3

v3.9.4

v4.*

v4.0-beta

v4.10.0

v4.10.0-fix

v4.10.1

v4.10.1-alpha

v4.10.1-fix

v4.10.1-fix2

v4.10.1-fix3

v4.11.0

v4.11.1

v4.2

v4.2.1

v4.2.2

v4.3

v4.4.2

v4.4.4

v4.4.5

v4.4.6

v4.4.7

v4.5

v4.5.1

v4.5.2

v4.6

v4.6.1

v4.6.1-alpha

v4.6.2

v4.6.2-alpha

v4.6.3

v4.6.3-alpha

v4.6.4

v4.6.4-alpha

v4.6.5

v4.6.5-alpha

v4.6.5-alpha2

v4.6.6

v4.6.6-alpha

v4.6.6-alpha2

v4.6.7

v4.6.7-alpha

v4.6.7-fix

v4.6.8

v4.6.8-alpha

v4.6.9

v4.6.9-alpha

v4.6.9-alpha2

v4.7

v4.7-alpha

v4.7-alpha2

v4.7-alpha3

v4.7.1

v4.7.1-alpha

v4.7.1-alpha2

v4.7.1-alpha3

v4.7.1-fix

v4.7.1-fix2

v4.8

v4.8-alpha

v4.8-alpha2

v4.8-alpha3

v4.8-preview

v4.8-preview2

v4.8-preview3

v4.8-preview4

v4.8.1

v4.8.1-alpha

v4.8.10

v4.8.10-alpha

v4.8.10-alpha2

v4.8.10-fix

v4.8.10-fix2

v4.8.11

v4.8.11-alpha

v4.8.11-alpha2

v4.8.11-beta

v4.8.11-fix

v4.8.12

v4.8.12-alpha

v4.8.12-beta

v4.8.12-fix

v4.8.13

v4.8.13-fix

v4.8.14

v4.8.14-alpha

v4.8.14-fix

v4.8.14-milvus-fix

v4.8.15

v4.8.15-alpha

v4.8.15-alpha2

v4.8.15-alpha3

v4.8.15-fix

v4.8.15-fix-emb-page

v4.8.15-fix2

v4.8.15-fix3

v4.8.16

v4.8.16-alpha

v4.8.16-beta

v4.8.17

v4.8.17-alpha

v4.8.17-fix-title

v4.8.18

v4.8.18-fix

v4.8.18-fix2

v4.8.19

v4.8.19-beta

v4.8.2

v4.8.20-fix

v4.8.20-fix2

v4.8.21

v4.8.21-fix

v4.8.22

v4.8.22-alpha

v4.8.23

v4.8.23-alpha

v4.8.23-fix

v4.8.23-fix2

v4.8.3

v4.8.4

v4.8.4-alpha

v4.8.4-fix

v4.8.5

v4.8.5-alpha

v4.8.6

v4.8.6-alpha

v4.8.6-alpha2

v4.8.7

v4.8.7-alpha

v4.8.7-alpha2

v4.8.8

v4.8.8-alpha

v4.8.8-alpha2

v4.8.8-fix

v4.8.8-fix2

v4.8.9

v4.8.9-alpha

v4.8.9-test

v4.9.0

v4.9.0-fix

v4.9.0-fix2

v4.9.1-fix

v4.9.1-fix2

v4.9.10

v4.9.10-alpha

v4.9.10-fix

v4.9.10-fix2

v4.9.11

v4.9.11-alpha

v4.9.12

v4.9.12-alpha

v4.9.13

v4.9.14

v4.9.14-fix

v4.9.2

v4.9.3

v4.9.4

v4.9.5

v4.9.5-alpha

v4.9.6

v4.9.6-alpha

v4.9.7

v4.9.7-alpha

v4.9.7-fix

v4.9.7-fix2

v4.9.8

v4.9.8-alpha

v4.9.9

v4.9.9-alpha

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62612.json"