SSRF in Labring Fastgpt
CVE-2025-62612
FastGPT is an AI Agent building platform. Prior to version 4.11.1, the workflow file reading node does not apply security verification to the network link it reads from, which exposes the server to SSRF attacks. This issue has been patched in version 4.11.1.
Vulnerability class: SSRF (Server-Side Request Forgery)
EPSS: 0.000 (12.8th percentile)
Affected products
- Labring Fastgpt — versions < 4.11.1
Weakness classification (CWE)
References
- https://github.com/labring/FastGPT/security/advisories/GHSA-573g-3567-8phg (x_refsource_CONFIRM)