PT-2025-24438 · Fastgpt · Fastgpt

Daisme666

Published: 2025-06-09 · Updated: 2025-12-29

CVE-2025-49131

CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: FastGPT versions prior to 4.9.11

Description: The issue concerns the Sandbox container in FastGPT, which has insufficient isolation and inadequate restrictions on code execution. Because the sandbox permits overly permissive syscalls, an attacker running code inside it can escape the intended sandbox boundaries. As a result, attackers can read and overwrite arbitrary files and bypass Python module import restrictions. The estimated number of potentially affected devices worldwide is not provided. There is no information about real-world incidents in which this issue was exploited.

Recommendations: For versions prior to 4.9.11, update to version 4.9.11, which restricts the allowed system calls to a safer subset and adds more descriptive error messages. As a temporary workaround, restrict access to the fastgpt-sandbox container to minimize the risk of exploitation, and avoid using the Sandbox container to execute user-submitted or dynamically generated code until the update is applied.

Weakness Enumeration

Incorrect Permission

Related Identifiers

CVE-2025-49131
GHSA-F3PF-R3G7-G895

Affected Products

Fastgpt