CNNVD-202510-2441 Information
CNNVD ID
CNNVD-202510-2441
Related CVE
- CNNVD Published: 2025-10-17
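Description (Chinese, translated)
Lobe Chat is an open-source, high-performance chatbot framework from LobeHub. Lobe Chat version 1.136.1 contains a code issue vulnerability. The vulnerability stems from the tools.search.crawlPages tRPC endpoint not validating or restricting internal network addresses, which may lead to server-side request forgery attacks.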
Description (English)
Lobe Chat is an open-source, high-performance chatbot framework open-sourced by LobeHub. Lobe Chat version 1.136.1 has a code issue vulnerability, which stems from the failure of the tools.search.crawlPages tRPC endpoint to validate or restrict internal network addresses and may result in a server-side request forgery (SSRF) attack.
Hazard Level
High
Vulnerability Type
Code issue
Affected Vendor
LobeHub
Published
2025-10-17
Last Modified
2026-02-24
References
https://github.com/lobehub/lobe-chat/commit/8d59583dca16f218b99213d641733d8ba77f182c
https://github.com/lobehub/lobe-chat/security/advisories/GHSA-fgx4-p8xf-qhp9
https://access.redhat.com/security/cve/cve-2025-62505
Patch
https://github.com/lobehub/lobe-chat/releases