CVE-2025-52552 – FastGPT Open Redirect and DOM-Based XSS Vulnerability

June 21, 2025

CVE ID : CVE-2025-52552

Published : June 21, 2025, 3:15 a.m. | 3 hours ago

Description : FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute Parameter on login page is vulnerable to open redirect and DOM-based XSS. Improper validation and lack of sanitization of this parameter allows attackers execute malicious JavaScript or redirect them to attacker-controlled sites. This issue has been patched in version 4.9.12.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6399 – TOTOLINK X15 HTTP POST Request Handler Buffer Overflow Critical Vulnerability

Next Article CVE-2025-52487 – DNN Bypass Login IP Filter Vulnerability

CodeSOD: Across the 4th Dimension

Cursor vs GitHub Copilot (2025): Which AI Platform Wins for Your Node.js Dev Team?

NuGet adds support for Trusted Publishing

AWS launches IDE extension for building browser automation agents

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

DistroWatch Weekly, Issue 1140

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

IDC ServiceScape for Microsoft Power Apps Low-Code/No-Code Custom Application Development Services

A Stream-Oriented UI library for interactive web applications

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

CVE-2025-52552 – FastGPT Open Redirect and DOM-Based XSS Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

The Xbox app on Windows 11 gets a handy feature just in time for the Project Kennan handheld

CVE-2025-46578 – GoldenDB Database SQL Injection Vulnerability

Can the EU Lead the Global Digital Future? Here’s What the Strategy Says

How to Download Karafun Player for Windows PC [2025 Guide]

Google commits to eSIM only in the Pixel 10. Why it matters (and one caveat)

CVE-2025-50202 – Lychee Path Traversal Vulnerability

How to focus on building your skills when everything’s so distracting with Ania Kubów [Podcast #187]

Oxc – tools for JavaScript and TypeScript

CVE-2025-52552 – FastGPT Open Redirect and DOM-Based XSS Vulnerability

Related Posts