PT-2025-26492 · Fastgpt · Fastgpt

C121914Yu · Published 2025-06-21 · Updated 2025-12-29 · CVE-2025-52552

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: FastGPT versions prior to 4.9.12
Description: The issue concerns the LastRoute parameter on the login page, which is vulnerable to open redirect and DOM-based XSS because its value is used without proper validation or sanitization. An attacker who gets a user to open a crafted login URL can redirect that user to an attacker-controlled site or execute JavaScript in the user's browser.
Recommendations: For versions prior to 4.9.12, update to version 4.9.12, which resolves the issue. As a temporary workaround, restrict use of the LastRoute parameter on the login page to minimize the risk of exploitation, and avoid relying on it until the upgrade is applied.
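The root cause described above is a post-login redirect parameter whose value reaches a navigation sink unchecked. The following is an added example of how such a parameter can be validated on the client before use; it is illustrative code, not FastGPT's own fix or code, and the function name `safeLastRoute`, the `APP_ORIGIN` constant and the sample inputs are constructed for this example.

```javascript
// Added example (not FastGPT code): accept a "lastRoute"-style redirect target
// only if it is a same-origin, path-relative URL. Anything else falls back to a
// fixed default route. APP_ORIGIN is a constructed origin for this example.
const APP_ORIGIN = "https://app.example.test";
const DEFAULT_ROUTE = "/";

function safeLastRoute(raw, fallback = DEFAULT_ROUTE) {
  // Non-string, empty or absurdly long values are not redirect targets.
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) {
    return fallback;
  }

  // Reject C0 control characters (CR/LF, NUL, tab) before parsing; URL parsing
  // silently strips some of them, which would hide what the input really was.
  if (/[\u0000-\u001f\u007f]/.test(raw)) {
    return fallback;
  }

  // Require exactly one leading slash. "//host" and "/\host" are treated as
  // protocol-relative URLs by browsers and would leave the origin, and
  // absolute URLs or scheme-prefixed values such as "javascript:" never start
  // with "/" at all.
  if (!/^\/(?![\/\\])/.test(raw)) {
    return fallback;
  }

  // Resolve against our own origin and confirm the result stayed there. This
  // also normalises "/a/../b" style paths so the caller never sees raw input.
  let parsed;
  try {
    parsed = new URL(raw, APP_ORIGIN);
  } catch {
    return fallback;
  }
  if (parsed.origin !== APP_ORIGIN) {
    return fallback;
  }

  // Return only the path, query and fragment; the caller hands this to the
  // router (or location.assign) rather than the original parameter value.
  return parsed.pathname + parsed.search + parsed.hash;
}

// Constructed sample inputs and the route each one yields, for a quick self-check.
const SAMPLES = [
  "/dashboard?tab=1",          // same-origin path: accepted as-is
  "/app/../admin",             // normalised to /admin
  "//evil.example/phish",      // protocol-relative: rejected
  "/\\evil.example",           // backslash variant: rejected
  "https://evil.example/x",    // absolute URL: rejected
  "javascript:alert(1)",       // script scheme: rejected
  "/a\r\nX: y",                // control characters: rejected
];

function checkSamples() {
  return SAMPLES.map((input) => ({ input, route: safeLastRoute(input) }));
}

module.exports = { safeLastRoute, checkSamples, APP_ORIGIN, DEFAULT_ROUTE };
```

The allow-list approach (one leading slash, then re-resolve and compare origins) is deliberately stricter than trying to block known-bad prefixes: it rejects every scheme, host and protocol-relative form without having to enumerate them, and the value handed to the navigation sink is the normalised path rather than the attacker-supplied string.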

Exploit · Fix

Open Redirect · XSS

Weakness Enumeration

Related Identifiers

CVE-2025-52552
GHSA-R976-RFRV-Q24M

Affected Products

Fastgpt