PT-2025-42638 · Lobe Chat · Lobe Chat

Published: 2025-10-17 · Updated: 2025-10-20 · CVE-2025-62505

CVSS v3.1: 3.0 (Low)
Vector: AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: LobeChat versions prior to 1.136.2
Description: LobeChat is vulnerable to server-side request forgery (SSRF) in the tools.search.crawlPages tRPC endpoint. The endpoint takes a list of URLs in the urls parameter and a crawler implementation in the impls parameter; when the caller selects the 'naive' implementation, whose code lives in naive.ts, the server fetches each URL without checking where it points. An attacker can therefore make the server issue HTTP requests to internal networks, localhost, or cloud metadata endpoints and read the responses, which can expose internal API data or cloud metadata credentials. The root cause is the absence of any validation or restriction of internal network addresses during server-side fetching. In a development environment the endpoint's authentication can be bypassed by sending the header 'lobe-auth-dev-backend-api: 1'.
Recommendations: Update to LobeChat version 1.136.2 or later.

Exploit · Fix · SSRF


Weakness Enumeration

Related Identifiers

CVE-2025-62505
GHSA-FGX4-P8XF-QHP9

Affected Products

Lobe Chat