CVE-2025-52552 Information
Jun 22, 2025
cve
Description
FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute parameter on the login page is vulnerable to open redirect and DOM-based XSS. Improper validation and lack of sanitization of this parameter allow attackers to execute malicious JavaScript or redirect users to attacker-controlled sites. This issue has been patched in version 4.9.12.
Reference
https://github.com/labring/FastGPT/commit/095b75ee27746004106eddeaa4840688a61ff6eb
https://github.com/labring/FastGPT/security/advisories/GHSA-r976-rfrv-q24m
Related CNNVD
CNNVD-202506-2850 (Published: 2025-06-21)