CNNVD-202506-2850 Information

CNNVD ID

CNNVD-202506-2850

CVE-2025-52552

  • CNNVD Published: 2025-06-21

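Description (translated from Chinese)

FastGPT is an open-source knowledge base question-answering system based on large language models, open-sourced by labring. Versions of FastGPT before 4.9.12 contain an input validation error vulnerability, which stems from insufficient validation of the LastRoute parameter and may lead to open redirect and DOM-based cross-site scripting attacks.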

Description (English)

FastGPT is an open-source knowledge base question-answering system from labring, built on large language models. Versions of FastGPT before 4.9.12 have an input validation vulnerability: the LastRoute parameter is insufficiently validated, which could lead to open redirect and DOM-based cross-site scripting (XSS) attacks.

Hazard Level

Low

Vulnerability Type

Input validation error

Affected Vendor

labring

Published

2025-06-21

Last Modified

2026-02-24

References

https://github.com/labring/FastGPT/commit/095b75ee27746004106eddeaa4840688a61ff6eb

https://github.com/labring/FastGPT/security/advisories/GHSA-r976-rfrv-q24m

Patch

https://github.com/labring/FastGPT/releases
