CNNVD-202510-2801 Information

CNNVD ID

CNNVD-202510-2801

Related CVE

CVE-2025-62612

• CNNVD Published: 2025-10-22

Description (Chinese)

FastGPT是labring开源的一款基于大语言模型的开源知识库问答系统。 FastGPT 4.11.1之前版本存在代码问题漏洞，该漏洞源于工作流文件读取节点未验证网络链接，可能导致服务端请求伪造攻击。

Description (English)

FastGPT is an open-source knowledge base question-and-answer system based on a large-language model of the labring open source. There was a code problem loophole in the previous version of FastGPT 4.11.1, which arose from the failure of web links to the read-out node of the workflow file, which could lead the service to request a false attack.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

labring

Published

2025-10-22

Last Modified

2026-02-24

References

https://github.com/labring/FastGPT/security/advisories/GHSA-573g-3567-8phg https://access.redhat.com/security/cve/cve-2025-62612

Patch

https://fastgpt.io/zh