CVE-2025-27600

6.5 MEDIUM

📋 TL;DR

FastGPT's web crawling plugin does not check whether the URL it is asked to fetch points at an internal (intranet) address. An attacker who can supply a crawl URL can therefore make the FastGPT server issue requests to internal network resources and read the responses, a server-side request forgery (SSRF). Organizations running FastGPT versions before 4.9.0 are affected.

💻 Affected Systems

Products:
  • FastGPT
Versions: All versions before 4.9.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with the web crawling plugin enabled and accessible to attackers.

📦 What is this software?

FastGPT (labring/FastGPT on GitHub) is an open-source platform for building LLM knowledge-base and workflow applications. Its web crawling plugin lets a workflow fetch the contents of a URL supplied at runtime, which is the code path this vulnerability sits in.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Requests forged to internal services that trust the server's source network (admin interfaces, internal APIs, cloud metadata endpoints that hand out credentials), leading to data exfiltration from internal systems and lateral movement within the network.

🟠 Likely Case: Unauthorized reads of internal web services, exposure of internal API endpoints, and credential harvesting from internal systems that respond without authentication.

🟢 If Mitigated: With egress filtering and network segmentation in place, exploitation is limited to probing which internal addresses and ports answer, with minimal data exposure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires the ability to submit a URL to the web crawling plugin of a reachable FastGPT instance. Internal addresses do not need to be known in advance: loopback, the RFC 1918 ranges and the cloud metadata address (169.254.169.254) can simply be tried, and an attacker-controlled hostname can be pointed at any internal address.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.9.0

Vendor Advisory: https://github.com/labring/FastGPT/security/advisories/GHSA-vc67-62v5-8cwx

Restart Required: Yes

Instructions:

1. Back up your FastGPT instance.
2. Update to version 4.9.0 or later.
3. Restart the FastGPT service.
4. Verify the update was successful: the running version reports 4.9.0 or later, and a crawl aimed at an internal address is refused.

🔧 Temporary Workarounds

Disable web crawling plugin (applies to: all)

Temporarily disable the vulnerable web crawling functionality by editing the FastGPT configuration so the plugin is not available to workflows.

Network segmentation (applies to: all)

Restrict the FastGPT instance from reaching internal networks. Configure host or network firewall egress rules that block connections from the FastGPT server to 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8 and 169.254.0.0/16 (which includes the cloud metadata address), and allow-list by address and port only the backends FastGPT itself needs (database, vector store, model endpoints).

🧯 If You Can't Patch

  • Implement strict network segmentation and egress filtering to isolate FastGPT from internal resources; this is the control that actually limits the SSRF
  • Deploy a web application firewall with SSRF protection rules, treating it as defence in depth only: a WAF sees the URL the user submits, and targets written as a decimal or hex IP (2130706433), an IPv6 literal, or an attacker-controlled hostname that resolves to an internal address pass straight through

🔍 How to Verify

Check if Vulnerable:

You are vulnerable if the running version is below 4.9.0 and the web crawling plugin is enabled and reachable by users who can build or run workflows.

Check Version:

Check the FastGPT admin panel or configuration files for version information; if deployed from a container image, check the image tag you run.

Verify Fix Applied:

Confirm the version is 4.9.0 or later, then test from a low-privilege account: start a listener on the FastGPT host (or on another machine in an internal range) and point the web crawling plugin at it, e.g. http://127.0.0.1 on the listener's port. The crawl must be refused and nothing must arrive at the listener. Repeat with the decimal form of the address (http://2130706433/) and with a hostname you control that resolves to the internal address, since those are the usual bypasses of a naive IP check.

📡 Detection & Monitoring

Log Indicators:

  • Unusual web crawling requests to internal IP addresses
  • Failed internal network connection attempts from FastGPT

Network Indicators:

  • Outbound connections from FastGPT server to internal IP ranges
  • HTTP requests to internal services from FastGPT

SIEM Query:

source="fastgpt" AND (dest_ip IN internal_ranges OR url MATCHES "^https?://(localhost|127\.|10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.|169\.254\.|\[::1\]|\[fe80:|\[f[cd][0-9a-f]{2}:)")

Prefer dest_ip from proxy, flow or egress-firewall logs over matching the URL string. Plain substring matches on "10." or "172." fire on public addresses (172.40.x.x, 210.5.x.x) and miss targets written as a hostname that resolves internally, as a decimal or hex IP (2130706433), or as an IPv6 literal.
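The check the plugin lacked (the one the "Verify Fix Applied" step exercises) and the detection the query above approximates, as one added example for this page. This is not FastGPT's own code; the log format, hostnames and addresses below are constructed for the example, and the function names are the example's own.

```typescript
// Added example for this page, not FastGPT's code: one internal-address classifier
// used (1) to vet a crawl URL before the server fetches it, the check this CVE says
// the plugin lacked, and (2) to flag crawl log lines aimed at internal targets.
// Log format, hostnames and addresses are constructed for the example.

// Returns the IPv4 address as a 32-bit number, or null if the string is not a dotted quad.
function parseIPv4(ip: string): number | null {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;
  let n = 0;
  for (let i = 1; i <= 4; i++) {
    const octet = Number(m[i]);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// IPv4 prefixes a server-side fetcher must never reach. 169.254.0.0/16 covers the
// cloud metadata service (169.254.169.254), usually the first thing an SSRF is aimed at.
const BLOCKED_V4: Array<[string, number]> = [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16],
];

function inPrefix(addr: number, base: string, bits: number): boolean {
  const hostBits = 2 ** (32 - bits);
  return Math.floor(addr / hostBits) === Math.floor((parseIPv4(base) as number) / hostBits);
}

export function isInternalIp(ip: string): boolean {
  const v4 = parseIPv4(ip);
  if (v4 !== null) return BLOCKED_V4.some(([base, bits]) => inPrefix(v4, base, bits));
  const v6 = ip.toLowerCase();
  const mapped = /^::ffff:(\d{1,3}(?:\.\d{1,3}){3})$/.exec(v6); // ::ffff:10.0.0.1 is IPv4 in disguise
  if (mapped) return isInternalIp(mapped[1]);
  return v6 === "::1" || v6 === "::" ||
    /^f[cd][0-9a-f]{2}:/.test(v6) ||  // fc00::/7 unique local
    /^fe[89ab][0-9a-f]:/.test(v6);    // fe80::/10 link-local
}

const isIpLiteral = (host: string): boolean => parseIPv4(host) !== null || host.includes(":");

// URL keeps the brackets on IPv6 literals: new URL("http://[::1]/").hostname === "[::1]".
const hostOf = (url: URL): string => url.hostname.replace(/^\[|\]$/g, "");

// Given the crawl URL and the addresses its hostname resolved to, return the one address
// to connect to (pin it for the actual fetch so a changed DNS answer cannot be used
// between check and use), or throw with the reason the target is refused.
export function vetCrawlTarget(rawUrl: string, resolved: string[]): string {
  let url: URL | null = null;
  try { url = new URL(rawUrl); } catch { /* reported below */ }
  if (!url) throw new Error(`invalid URL: ${rawUrl}`);
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    throw new Error(`scheme not allowed: ${url.protocol}`);
  }
  // WHATWG URL has already normalised 2130706433, 0x7f000001 and 127.1 to 127.0.0.1,
  // so the numeric-form bypasses hit the same prefix check as the plain literal.
  const host = hostOf(url);
  if (host === "localhost" || host.endsWith(".localhost")) throw new Error("localhost not allowed");
  const addrs = isIpLiteral(host) ? [host] : resolved;
  if (addrs.length === 0) throw new Error(`unresolvable host: ${host}`);
  for (const addr of addrs) {
    // Every answer must be external: a name with one public and one private record is a classic bypass.
    if (isInternalIp(addr)) throw new Error(`${host} resolves to internal address ${addr}`);
  }
  return addrs[0];
}

// Detection side: flag crawl log lines whose target is an IP literal (or localhost) in an
// internal range. A hostname can only be judged with the resolver's answer from the same
// moment, which is why dest_ip from proxy or flow logs beats matching the URL string.
export function flagInternalCrawls(logLines: string[]): string[] {
  return logLines.filter((line) => {
    const m = /\burl=(\S+)/.exec(line);
    if (!m) return false;
    try {
      const host = hostOf(new URL(m[1]));
      return host === "localhost" || isInternalIp(host);
    } catch {
      return false;
    }
  });
}

// Constructed sample lines in the shape "<timestamp> crawl url=<url> status=<code>".
export const SAMPLE_LOG: string[] = [
  "2025-03-10T12:00:01Z crawl url=https://example.com/page status=200",
  "2025-03-10T12:00:02Z crawl url=http://169.254.169.254/latest/meta-data/ status=200",
  "2025-03-10T12:00:03Z crawl url=http://172.31.0.5:8080/admin status=401",
  "2025-03-10T12:00:04Z crawl url=http://172.40.0.5/ status=200",  // public: 172.40/16 is not RFC 1918
  "2025-03-10T12:00:05Z crawl url=http://[::1]:3000/ status=200",
  "2025-03-10T12:00:06Z crawl url=http://2130706433/ status=200",  // decimal form of 127.0.0.1
];
```

In a real fetcher, resolve the hostname with `dns.lookup(host, { all: true })` from `node:dns/promises`, pass the answers to `vetCrawlTarget`, connect to the address it returns rather than re-resolving, and repeat the whole step on every redirect (`redirect: "manual"` in `fetch`), because a public page can answer 302 to an internal address. Note that `flagInternalCrawls` on `SAMPLE_LOG` flags four lines and leaves 172.40.0.5 alone, which the original `url CONTAINS "172."` query would have reported.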

🔗 References

  • Vendor advisory GHSA-vc67-62v5-8cwx: https://github.com/labring/FastGPT/security/advisories/GHSA-vc67-62v5-8cwx