CVE-2025-27600

Name of the Vulnerable Software and Affected Versions FastGPT versions prior to 4.9.0

Description The issue arises from the web crawling plug-in's failure to perform intranet IP verification. This allows an attacker to initiate an intranet IP request, causing the system to make a request through the intranet. As a result, the attacker may potentially obtain private data on the intranet.

Recommendations For versions prior to 4.9.0, update to version 4.9.0 to resolve the issue. As a temporary workaround, consider restricting access to the web crawling plug-in to minimize the risk of exploitation.