CVE-2025-62155 HIGH

CVE-2025-62155: QuantumNous New API Has SSRF Bypass

Vendor Quantumnous

Product new-api

Weakness CWE-918 · SSRF

Published November 24, 2025

Last update November 25, 2025

View on NVD All CVEs

CVSS base score

8.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

What the vulnerability does

01Description

New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.9.6, a recently patched SSRF vulnerability contains a bypass method that can bypass the existing security fix and still allow SSRF to occur. Because the existing fix only applies security restrictions to the first URL request, a 302 redirect can bypass existing security measures and successfully access the intranet. This issue has been patched in version 0.9.6.

Key dates

02Disclosure timeline

November 24, 2025 CVE published

November 25, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-62155

Related vulnerabilities

CVE-2025-62155: QuantumNous New API Has SSRF Bypass

01Description

02Disclosure timeline

03References

04Related CVE