CVE-2025-62612
📋 TL;DR
CVE-2025-62612 is a Server-Side Request Forgery (SSRF) vulnerability in FastGPT's workflow file reading node that allows attackers to make unauthorized network requests from the vulnerable server. This affects all FastGPT deployments running versions before 4.11.1. Attackers could potentially access internal services or make requests to external systems using the server's network position.
💻 Affected Systems
- FastGPT
📦 What is this software?
FastGPT (github.com/labring/FastGPT) is an open-source platform for building LLM applications from knowledge bases and visual workflows. The vulnerable component is the workflow node that reads files into a workflow; it fetches them with requests issued from the FastGPT server, which is what makes the SSRF possible.
⚠️ Risk & Real-World Impact
Worst Case
Attackers could access sensitive internal services, exfiltrate data from cloud metadata services, or pivot to attack other internal systems from the compromised server.
Likely Case
Information disclosure from internal services, scanning of internal networks, or limited data exfiltration from accessible endpoints.
If Mitigated
Limited impact with proper network segmentation and egress filtering, though some information disclosure may still occur.
🎯 Exploit Status
Exploitation requires an account that can create or edit workflows; no authentication bypass is involved. The attacker configures a file reading node to target an address of their choosing (an internal service or the cloud metadata endpoint) and runs the workflow, so the request originates from the FastGPT server. Multi-tenant or self-service deployments, where untrusted users can build workflows, are the most exposed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.11.1
Vendor Advisory: https://github.com/labring/FastGPT/security/advisories/GHSA-573g-3567-8phg
Restart Required: No
Instructions:
1. Back up your FastGPT instance.
2. Update FastGPT to version 4.11.1 or later using your deployment method (Docker, Kubernetes, etc.).
3. Verify the update completed successfully and that the running instance reports version 4.11.1 or later.
🔧 Temporary Workarounds
Disable workflow file reading nodes
Temporarily disable or remove workflow file reading nodes until patching is possible, and restrict who may create or edit workflows in the meantime.
Network egress filtering
Implement strict outbound firewall rules that allow the FastGPT server to reach only the endpoints it needs (for example its model-provider APIs) and explicitly deny RFC 1918 ranges, loopback, link-local (169.254.0.0/16, which includes the 169.254.169.254 metadata address) and, on IPv6, fc00::/7 and fd00:ec2::254.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate FastGPT from sensitive internal services; where the cloud provider supports it, require token-based metadata access (for example AWS IMDSv2) so a plain GET from the server cannot read instance credentials
- Deploy a web application firewall (WAF) with SSRF protection rules, noting its limits: the target is submitted inside the workflow definition, so a WAF catches only obvious patterns such as literal internal IPs or metadata hostnames, not encoded addresses or hostnames that resolve to internal ranges
- Monitor for unusual outbound connections from the FastGPT server
🔍 How to Verify
Check if Vulnerable:
Check the FastGPT version in the admin panel or via the API. If the version is below 4.11.1, the system is vulnerable.
Check Version:
Use the FastGPT web interface admin panel or the FastGPT API endpoint that reports version information.
Verify Fix Applied:
Confirm the FastGPT version is 4.11.1 or higher, then test the file reading node with controlled cases: point it at a loopback address, an RFC 1918 address and 169.254.169.254 and confirm each request is refused, then point it at a public file you control and confirm that one still succeeds.
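The controlled test cases above, together with the kind of target check a hardened file-reading node should apply, as an added example. This is not FastGPT's code and not its actual fix; the resolver table, the probe URLs and the hostname list are constructed so the script runs offline. It shows why a naive string match on "127.0.0.1" or "169.254.169.254" is not enough: the same loopback address can be written as 0x7f000001, 2130706433, 127.1 or [::ffff:127.0.0.1], and a harmless-looking hostname can resolve to an internal range.

```python
"""
Illustrative SSRF target check plus a controlled probe list for a file-reading
node. Added example: NOT FastGPT's code or its actual fix. The resolver table,
metadata hostname list and probe URLs are constructed for offline use.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

# Hostnames cloud providers use for instance metadata (constructed list; extend it).
METADATA_HOSTS = {"metadata.google.internal", "metadata", "instance-data"}

# Constructed stand-in for DNS so the example runs offline. Real code must resolve
# for real AND connect to the address it checked (not re-resolve), otherwise a
# DNS-rebinding name passes the check and then resolves to an internal IP. Each
# redirect hop must be checked again, since a 302 can point back inside.
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "internal-wiki.corp": ["10.1.2.3"],
    "metadata.google.internal": ["169.254.169.254"],
}

# Controlled test cases a hardened file-reading node must refuse (constructed).
PROBE_URLS = [
    "http://169.254.169.254/latest/meta-data/",        # IMDS (AWS/Azure/GCP)
    "http://[fd00:ec2::254]/latest/meta-data/",        # AWS IMDS over IPv6
    "http://metadata.google.internal/computeMetadata/v1/",
    "http://127.0.0.1:3000/api/",                      # loopback
    "http://0x7f000001/",                              # hex-encoded loopback
    "http://2130706433/",                              # decimal loopback
    "http://127.1/",                                   # BSD shorthand loopback
    "http://[::ffff:10.0.0.5]/",                       # IPv4-mapped IPv6
    "http://10.0.0.5:6379/",                           # RFC 1918
    "http://internal-wiki.corp/",                      # resolves to RFC 1918
    "file:///etc/passwd",                              # non-HTTP scheme
    "gopher://10.0.0.5:6379/_INFO",
]


def _unmap(ip):
    """Treat an IPv4-mapped IPv6 address (::ffff:a.b.c.d) as the IPv4 address it wraps."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def parse_ip_literal(host: str):
    """Return an address for any IPv4/IPv6 literal spelling, or None for a hostname."""
    for convert in (
        lambda h: ipaddress.ip_address(h),                     # dotted quad or IPv6 text
        lambda h: ipaddress.ip_address(int(h, 0)),             # 2130706433 or 0x7f000001
        lambda h: ipaddress.ip_address(socket.inet_aton(h)),   # libc shorthand such as 127.1
    ):
        try:
            return _unmap(convert(host))
        except (ValueError, OSError):
            continue
    return None


def is_internal(ip) -> bool:
    """True for anything that is not a public unicast address."""
    ip = _unmap(ip)
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_fetch_target(url: str, resolver=FAKE_DNS.get):
    """Return (allowed, reason) for a URL a workflow node wants to fetch."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if host in METADATA_HOSTS:
        return False, f"metadata hostname {host}"
    ip = parse_ip_literal(host)
    if ip is not None:
        if is_internal(ip):
            return False, f"internal address {ip}"
        return True, f"public address {ip}"
    resolved = resolver(host) or []
    if not resolved:
        return False, f"{host} does not resolve"
    for addr in resolved:
        if is_internal(ipaddress.ip_address(addr)):
            return False, f"{host} resolves to internal address {addr}"
    return True, f"{host} resolves to public address(es) {resolved}"


def run_probes(urls=PROBE_URLS):
    """Map each probe URL to its (allowed, reason) verdict; every probe should be refused."""
    return {u: check_fetch_target(u) for u in urls}


if __name__ == "__main__":
    for url, (allowed, reason) in run_probes().items():
        print(f"{'ALLOW' if allowed else 'DENY':5} {url:55} {reason}")
```

Run it and every probe should print DENY with the normalized address it was mapped to; then feed the same URLs to a file reading node on a patched instance and expect the same outcome. The check is only as good as the connect step that follows it: resolve once, connect to the checked address, and re-run the check on every redirect.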
📡 Detection & Monitoring
Log Indicators:
- Unusual outbound HTTP requests from FastGPT server
- Requests to internal IP addresses or cloud metadata endpoints
- Failed attempts to access restricted network resources
Network Indicators:
- Unexpected outbound connections from FastGPT server to internal services
- Requests to cloud provider metadata services (169.254.169.254, fd00:ec2::254, metadata.google.internal)
- Traffic to unusual ports or services
SIEM Query:
source="fastgpt-logs" AND (http_request_outbound OR network_connection) AND (dest_ip=internal_range OR dest_ip=metadata_service)
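The log and network indicators above, turned into detection logic that runs over sample log lines, as an added example. The JSON log format is constructed for this example and is not FastGPT's own logging schema; adapt the field names to whatever your egress proxy or application actually emits. Beyond the per-request indicators, it adds the "internal network scan" case from the Likely Case section: one user driving requests to several distinct internal destinations in a short span.

```python
"""
Detection over constructed outbound-request log lines from a FastGPT host.
Added example: the log schema below is constructed for this example, not
FastGPT's own. Status 0 stands in for a connection that never completed.
"""
from __future__ import annotations

import ipaddress
import json
from collections import defaultdict
from urllib.parse import urlsplit

METADATA_HOSTS = {"metadata.google.internal", "metadata", "instance-data"}
METADATA_IPS = {ipaddress.ip_address("169.254.169.254"), ipaddress.ip_address("fd00:ec2::254")}
SCAN_THRESHOLD = 3  # distinct internal destinations from one user before calling it a scan

# Constructed sample: one line per outbound fetch made on behalf of a workflow node.
SAMPLE_LOGS = """
{"ts":"2025-10-20T10:01:02Z","user":"u_7","node":"readFiles","url":"https://example.com/q3.pdf","dest_ip":"93.184.216.34","status":200}
{"ts":"2025-10-20T10:04:11Z","user":"u_42","node":"readFiles","url":"http://169.254.169.254/latest/meta-data/iam/security-credentials/","dest_ip":"169.254.169.254","status":200}
{"ts":"2025-10-20T10:04:40Z","user":"u_42","node":"readFiles","url":"http://10.0.0.5:6379/","dest_ip":"10.0.0.5","status":0}
{"ts":"2025-10-20T10:04:41Z","user":"u_42","node":"readFiles","url":"http://10.0.0.6:22/","dest_ip":"10.0.0.6","status":0}
{"ts":"2025-10-20T10:04:42Z","user":"u_42","node":"readFiles","url":"http://10.0.0.7:8080/","dest_ip":"10.0.0.7","status":0}
{"ts":"2025-10-20T10:09:00Z","user":"u_7","node":"readFiles","url":"https://files.example.org/a.docx","dest_ip":"93.184.216.35","status":200}
""".strip().splitlines()


def classify(entry: dict) -> str | None:
    """Return an alert label for one log entry, or None if it looks benign."""
    host = urlsplit(entry["url"]).hostname or ""
    ip = ipaddress.ip_address(entry["dest_ip"])
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:a.b.c.d is the IPv4 address it wraps
    if host in METADATA_HOSTS or ip in METADATA_IPS:
        return "metadata-endpoint"
    if ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_reserved:
        return "internal-destination"
    return None


def detect(lines=SAMPLE_LOGS) -> list[dict]:
    """Flag each suspicious request, then add one scan alert per user who hit several internal targets."""
    alerts: list[dict] = []
    internal_targets: dict[str, set[str]] = defaultdict(set)
    for line in lines:
        entry = json.loads(line)
        label = classify(entry)
        if label is None:
            continue
        alerts.append({
            "ts": entry["ts"], "user": entry["user"], "label": label,
            "url": entry["url"], "dest_ip": entry["dest_ip"],
            "failed": entry["status"] == 0,  # failed probes are still reconnaissance
        })
        internal_targets[entry["user"]].add(entry["dest_ip"])
    for user, targets in internal_targets.items():
        if len(targets) >= SCAN_THRESHOLD:
            alerts.append({"user": user, "label": "internal-scan", "targets": sorted(targets)})
    return alerts


if __name__ == "__main__":
    for alert in detect():
        print(alert)
```

The metadata hit is the one to page on: a 200 from the IAM credentials path means instance credentials left the box. The failed connections to 10.0.0.5 through 10.0.0.7 would be invisible to a detector that only looks at successful requests, which is why the logic keeps them and counts distinct targets per user.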