PT-2025-12304 · Unknown · Gaizhenbiao/Chuanhuchatgpt

Published: 2025-03-20 · Updated: 2025-03-21 · CVE-2025-0188

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

gaizhenbiao/chuanhuchatgpt version 20240914

Description

A Server-Side Request Forgery (SSRF) issue was discovered. The response is saved in a folder named after the SHA-1 hash of the target URL, which allows an attacker to construct a link to the response and access it directly. This can potentially lead to unauthorized access to internal systems, data theft, service disruption, or further attacks such as port scanning and accessing metadata endpoints.

Recommendations

For gaizhenbiao/chuanhuchatgpt version 20240914, consider restricting access to the response folder to minimize the risk of exploitation. As a temporary workaround, avoid using the SHA-1 hash of the target URL as a folder name until a patch is available. Restrict access to metadata endpoints to prevent further attacks.
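
The recommendations above, sketched as an added Python example (not code from the ChuanhuChatGPT project): vet the resolved destination before the server fetches a user-supplied URL, and store the response under a random folder name rather than one derived from the URL. The function names, the injectable `resolver` parameter and the storage layout are assumptions made for illustration.

```python
import ipaddress
import secrets
import socket
from pathlib import Path
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def is_public_address(addr: str) -> bool:
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # judge ::ffff:a.b.c.d by its IPv4 form
    # Rejects loopback, RFC 1918, link-local (169.254.0.0/16, where cloud
    # metadata services live), unspecified, reserved and multicast ranges.
    return ip.is_global and not ip.is_multicast


def system_resolver(host: str, port: int) -> list[str]:
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return [info[4][0] for info in infos]


def check_fetch_target(url: str, resolver=system_resolver) -> list[str]:
    """Return the vetted addresses for url, or raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
        raise ValueError("unsupported URL")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    addrs = resolver(parts.hostname, port)
    # Every resolved address must be public; the caller should then connect
    # to one of the returned addresses so a second DNS lookup cannot differ.
    if not addrs or not all(is_public_address(a) for a in addrs):
        raise ValueError("destination is not a public address")
    return addrs


def new_response_dir(base: Path) -> Path:
    """Create a storage folder with a random name instead of sha1(url)."""
    # 32 random bytes: the path cannot be derived from the target URL, so
    # the URL -> folder mapping has to be kept server-side per user.
    folder = base / secrets.token_urlsafe(32)
    folder.mkdir(parents=True, mode=0o700)
    return folder
```

Redirects need the same check on every hop, since a public URL can redirect to an internal one.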

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2025-0188
PYSEC-2025-98

Affected Products

Gaizhenbiao/Chuanhuchatgpt