{"data":{"id":"06303ee7-c1c7-4a6b-a3f9-b9ea2d445e47","title":"CVE-2025-52552: FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute Parameter on login page is vulnerable to open redirect and DOM-based XSS","summary":"FastGPT, an AI Agent building platform, has a vulnerability in versions before 4.9.12 where the LastRoute parameter on the login page is not properly validated or sanitized. This allows attackers to perform open redirect (sending users to attacker-controlled websites) or DOM-based XSS (injecting malicious JavaScript that runs in the user's browser).","solution":"Update FastGPT to version 4.9.12 or later, where this issue has been patched.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-52552","publishedAt":"2025-06-21T03:15:24.990Z","cveId":"CVE-2025-52552","cweIds":["CWE-79","CWE-601"],"cvssScore":"6.1","cvssSeverity":"medium","severity":"medium","attackType":["prompt_injection","other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["FastGPT"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00066,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-198","CAPEC-86"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","confidentiality"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}