CVE-2025-52552: CWE-601: URL Redirection to Untrusted Site ('Open Redirect') in labring FastGPT
FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute parameter on the login page is vulnerable to open redirect and DOM-based XSS. Improper validation and lack of sanitization of this parameter allows attackers to execute malicious JavaScript or redirect users to attacker-controlled sites. This issue has been patched in version 4.9.12.
AI Analysis
Technical Summary
CVE-2025-52552 is a medium-severity vulnerability affecting labring's FastGPT AI Agent building platform in versions prior to 4.9.12. The vulnerability arises from improper validation and lack of sanitization of the 'LastRoute' parameter on the login page. This parameter is susceptible to open redirect (CWE-601) and DOM-based cross-site scripting (XSS, CWE-79) attacks. An attacker can exploit the open redirect flaw to send users to attacker-controlled malicious websites, potentially facilitating phishing, credential theft, or malware distribution. The DOM-based XSS aspect allows execution of arbitrary JavaScript in the context of the vulnerable application, which can lead to session hijacking, unauthorized actions, or further exploitation within the user's browser. The vulnerability requires user interaction (clicking a crafted link) but does not require authentication, and the attack vector is network accessible (remote). The vulnerability has been patched in FastGPT version 4.9.12. No known exploits are currently reported in the wild. The CVSS 4.0 score is 5.5 (medium), reflecting moderate impact on confidentiality, integrity, and availability, combined with ease of exploitation and the user-interaction requirement. The vulnerability affects the login page, a critical entry point, which increases the risk of successful social engineering or targeted attacks.
Potential Impact
For European organizations using FastGPT versions prior to 4.9.12, this vulnerability poses a risk of user redirection to malicious sites and execution of malicious scripts within trusted sessions. This can lead to credential compromise, unauthorized access to AI agent management interfaces, and potential manipulation or theft of sensitive AI models or data. Organizations relying on FastGPT for AI agent deployment in sectors such as finance, healthcare, or critical infrastructure could face reputational damage, regulatory penalties under GDPR for data breaches, and operational disruptions. The open redirect can also be leveraged in phishing campaigns targeting employees or customers, increasing the attack surface. Although no active exploits are reported, the public disclosure and patch availability mean attackers may develop exploits, raising the urgency for mitigation. The DOM-based XSS can facilitate persistent attacks if combined with other vulnerabilities or social engineering, further elevating risk.
Mitigation Recommendations
1. Immediately upgrade to FastGPT version 4.9.12 or later to apply the official patch addressing the open redirect and DOM-based XSS vulnerabilities.
2. Implement strict input validation and output encoding on all URL parameters, especially those controlling navigation or rendering in the login workflow, to prevent injection of malicious scripts or redirection URLs.
3. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts and reduce the impact of potential XSS attacks.
4. Monitor web server and application logs for unusual redirect patterns or suspicious parameter values indicative of exploitation attempts.
5. Educate users and administrators about phishing risks associated with open redirect vulnerabilities and encourage cautious behavior when clicking on links, especially those purporting to be login URLs.
6. Use web application firewalls (WAFs) configured to detect and block malicious payloads targeting URL parameters and known XSS attack vectors.
7. Conduct regular security assessments and penetration testing focusing on input validation and client-side scripting vulnerabilities in FastGPT deployments.
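Recommendation 2 above, illustrated as an added example (not FastGPT's own code or its patch): a post-login redirect parameter is only ever used after it has been reduced to a same-origin path, so neither an external target nor a `javascript:` URL can reach `window.location` or the router. The parameter name `lastRoute`, the origin `https://app.example.test` and the default route are assumptions for the example.

```javascript
// Assumed application origin and the route used whenever the parameter is
// rejected. In a browser you would use window.location.origin instead.
const APP_ORIGIN = "https://app.example.test";
const DEFAULT_ROUTE = "/dashboard";

// Reduce an untrusted redirect parameter to a root-relative path on our
// own origin, or the fallback. Never return the raw input string.
function safeRedirectTarget(raw, origin = APP_ORIGIN, fallback = DEFAULT_ROUTE) {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) return fallback;
  // Control characters and whitespace are stripped by browsers during URL
  // parsing, which is how "java\tscript:" style inputs sneak through naive checks.
  if (/[\u0000-\u001f\u007f\s]/.test(raw)) return fallback;
  // Require a root-relative path: exactly one leading "/". "//host" is a
  // protocol-relative URL and "/\host" is normalised to one by browsers.
  if (!raw.startsWith("/") || raw.startsWith("//") || raw.startsWith("/\\")) return fallback;
  // Resolve against our origin and confirm the result still lives there.
  let url;
  try {
    url = new URL(raw, origin);
  } catch {
    return fallback;
  }
  if (url.origin !== origin) return fallback;
  if (url.protocol !== "http:" && url.protocol !== "https:") return fallback;
  // Hand back the normalised path, query and fragment only.
  return url.pathname + url.search + url.hash;
}

// Given the full login page URL, decide where to send the user afterwards.
// searchParams.get() already percent-decodes, so encoded "//" is caught too.
function redirectAfterLogin(loginHref) {
  const params = new URL(loginHref).searchParams;
  return safeRedirectTarget(params.get("lastRoute"));
}

// Constructed sample inputs showing accepted and rejected values.
const SAMPLES = [
  "/app/chat?id=1",           // accepted: same-origin path
  "//evil.example/phish",     // rejected: protocol-relative, leaves our origin
  "/\\evil.example",          // rejected: backslash variant of the above
  "javascript:alert(1)",      // rejected: not a path at all
  "https://evil.example/",    // rejected: absolute URL to another origin
];
for (const s of SAMPLES) console.log(JSON.stringify(s), "->", safeRedirectTarget(s));
```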
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Belgium, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-06-18T03:55:52.034Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68568e80aded773421b5a725
Added to database: 6/21/2025, 10:50:40 AM
Last enriched: 6/21/2025, 12:53:01 PM
Last updated: 8/18/2025, 11:32:20 PM
Related Threats
- CVE-2025-50859: n/a (High)
- CVE-2025-50858: n/a (High)
- CVE-2025-55454: n/a (High)
- CVE-2025-51092: n/a (High)
- CVE-2025-43759: CWE-732 Incorrect Permission Assignment for Critical Resource in Liferay Portal (Medium)