PT-2025-48576 · Portkey Ai · Portkey.Ai Gateway

Published 2025-12-01 · Updated 2026-02-06 · CVE-2025-66405

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Portkey.ai Gateway versions prior to 1.14.0

Description

The Portkey.ai Gateway, a fast AI Gateway with integrated guardrails, is susceptible to Server-Side Request Forgery (SSRF) attacks in versions before 1.14.0. The gateway determines the destination baseURL by prioritizing the value found in the x-portkey-custom-host request header. The proxy route then appends the client-specified path to perform an external fetch. An attacker can exploit this behavior to perform SSRF attacks by manipulating the x-portkey-custom-host header.

Recommendations

Update to version 1.14.0 or later.
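
The header-first baseURL selection described above, next to one way to constrain it, as an added example that is not Portkey's code and not the 1.14.0 fix. The function names, the allowlist contents and the default provider URL are assumptions made for illustration.

```javascript
// Added example, not Portkey's code. All names and hosts below are hypothetical.
const PROVIDER_DEFAULT = 'https://api.provider.example';      // constructed default
const ALLOWED_CUSTOM_HOSTS = new Set([                         // constructed allowlist
  'api.provider.example',
  'llm-proxy.example',
]);

// Pattern from the description: the header value wins and the client path is appended.
function targetUrlVulnerable(headers, path) {
  const baseURL = headers['x-portkey-custom-host'] || PROVIDER_DEFAULT;
  return baseURL + path;
}

// Hardened variant: the header is honoured only when it parses to an
// allowlisted https host (default port), and the final URL must stay on that origin.
function targetUrlHardened(headers, path) {
  let base;
  try {
    base = new URL(headers['x-portkey-custom-host'] || PROVIDER_DEFAULT);
  } catch {
    throw new Error('custom host is not a valid URL');
  }
  if (base.protocol !== 'https:') throw new Error('custom host must use https');
  if (base.username || base.password) throw new Error('credentials in custom host');
  // URL.host keeps a non-default port, so "host:8443" does not match the allowlist.
  if (!ALLOWED_CUSTOM_HOSTS.has(base.host)) throw new Error('custom host not allowlisted');
  if (!path.startsWith('/')) throw new Error('path must start with /');
  const target = new URL(base.origin + path);
  // Defence in depth: re-check the origin after the client path is joined.
  if (target.origin !== base.origin) throw new Error('path changed the origin');
  return target.href;
}

// Wrapper that returns a verdict instead of throwing, convenient for logging rejects.
function check(headers, path) {
  try {
    return { ok: true, url: targetUrlHardened(headers, path) };
  } catch (e) {
    return { ok: false, reason: e.message };
  }
}
```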

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2025-66405
GHSA-HHH5-2CVX-VMFP

Affected Products

Portkey.Ai Gateway