Vulnerability Details CVE-2025-27600
FastGPT is a knowledge-based platform built on the LLMs. Since the web crawling plug-in does not perform intranet IP verification, an attacker can initiate an intranet IP request, causing the system to initiate a request through the intranet and potentially obtain some private data on the intranet. This issue is fixed in 4.9.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.8%
CVSS Severity
CVSS v3 Score 6.5