CVE-2025-52552 – FastGPT Open Redirect and DOM-Based XSS Vulnerability

June 21, 2025

CVE ID : CVE-2025-52552

Published : June 21, 2025, 3:15 a.m. | 3 hours ago

Description : FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute Parameter on login page is vulnerable to open redirect and DOM-based XSS. Improper validation and lack of sanitization of this parameter allows attackers execute malicious JavaScript or redirect them to attacker-controlled sites. This issue has been patched in version 4.9.12.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6399 – TOTOLINK X15 HTTP POST Request Handler Buffer Overflow Critical Vulnerability

Next Article CVE-2025-52487 – DNN Bypass Login IP Filter Vulnerability

Agent Mode for Gemini added to Android Studio

Google’s Agent2Agent protocol finds new home at the Linux Foundation

Decoding The SVG path Element: Curve And Arc Commands

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft makes Windows 10 security updates FREE for an extra year — but there’s a catch, and you might not like it

“Deus Ex” just turned 25 years old and it’s still the best PC game of all time — you only need $2 to play it on practically anything

Where to buy a Meta Quest 3S Xbox Edition — and why it’s a better bargain than the “normal” Meta Quest 3S

Vite 7.0 Is Out

Vite 7.0 Is Out

Exploring JavaScript ES2025 Edition

Mastering Mixed DML Operations in Apex

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft makes Windows 10 security updates FREE for an extra year — but there’s a catch, and you might not like it

“Deus Ex” just turned 25 years old and it’s still the best PC game of all time — you only need $2 to play it on practically anything

CVE-2025-52552 – FastGPT Open Redirect and DOM-Based XSS Vulnerability

Rogue WordPress Plugin Unmasked: Stealthy Malware Skims Credit Cards & Steals Credentials

Urgent Advantech Alert: Critical Flaws (CVSS 9.6) Expose Industrial Automation to Remote Takeover, PoC Releases

CVE-2025-5977 – Code-projects School Fees Payment System SQL Injection Vulnerability

⚡ Weekly Recap: APT Campaigns, Browser Hijacks, AI Malware, Cloud Breaches and Critical CVEs

CVE-2025-4679 – Synology Active Backup for Microsoft 365 Information Disclosure Vulnerability

BeyondTrust PRA connection takeover – CVE-2025-0217

CVE-2025-47641 – Printcart Web to Print Product Designer for WooCommerce Unrestricted File Upload Vulnerability

IMSProg – I2C, SPI and Microwire EEPROM/Flash chip programmer

Empowering Industry with Seamless Online Procurement

Modern Manufacturing’s Silent Revolution: Intelligent Automation

CVE-2025-52552 – FastGPT Open Redirect and DOM-Based XSS Vulnerability

Related Posts