CVE-2025-60541

7.3 HIGH

📋 TL;DR

This Server-Side Request Forgery (SSRF) vulnerability in prompt-optimizer allows attackers to make the server send requests to internal resources that should not be accessible from outside. Attackers can scan internal networks, access internal services, or potentially escalate to other attacks. Users running prompt-optimizer versions 1.3.0 through 1.4.2 are affected.

💻 Affected Systems

Products:
  • linshenkx prompt-optimizer
Versions: v1.3.0 to v1.4.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with the /api/proxy/ endpoint accessible. Default installations are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access sensitive internal systems, steal credentials from metadata services, perform internal port scanning, or pivot to attack other internal resources.

🟠 Likely Case

Internal network reconnaissance, accessing internal APIs or services, potentially retrieving sensitive information from internal endpoints.

🟢 If Mitigated

Limited to scanning accessible internal resources without authentication to those resources.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The GitHub issue shows exploitation details. SSRF vulnerabilities are commonly weaponized due to their utility in internal reconnaissance.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.4.3 or later

Vendor Advisory: https://github.com/linshenkx/prompt-optimizer/issues/179

Restart Required: Yes

Instructions:

1. Update prompt-optimizer to version 1.4.3 or later.
2. Restart the prompt-optimizer service.
3. Verify the fix by testing the /api/proxy/ endpoint.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Restrict network access to the prompt-optimizer instance and block outbound requests from the server to internal resources, including loopback and link-local (metadata service) addresses, which fall outside the RFC 1918 ranges.

Disable Proxy Endpoint (all platforms)

Remove or disable the /api/proxy/ endpoint if it is not required.

🧯 If You Can't Patch

  • Implement strict network controls to limit the server's ability to connect to internal resources
  • Deploy a web application firewall (WAF) with SSRF protection rules

🔍 How to Verify

Check if Vulnerable:

Test if you can make the /api/proxy/ endpoint request internal resources like http://localhost or internal IP addresses.

Check Version:

Check the package.json file or run: npm list prompt-optimizer

Verify Fix Applied:

After updating, test the /api/proxy/ endpoint to ensure it no longer allows requests to internal resources.

📡 Detection & Monitoring

Log Indicators:

  • Unusual requests to /api/proxy/ with internal IPs or domains
  • Outbound connections from the server to internal resources

Network Indicators:

  • Unexpected traffic from the prompt-optimizer server to internal services
  • Port scanning patterns originating from the server

SIEM Query:

source="prompt-optimizer" AND (uri_path="/api/proxy/" OR dest_ip IN (RFC1918_IP_RANGE))

RFC1918_IP_RANGE is a placeholder for your environment's private address ranges; extend it with loopback (127.0.0.0/8) and link-local (169.254.0.0/16, where cloud metadata services live) space, since neither is RFC 1918 and both are targets named in the impact section above.
