
CVE-2025-59146: CWE-918: Server-Side Request Forgery (SSRF) in QuantumNous new-api

Severity: High
Tags: Vulnerability, CVE-2025-59146, cve, cwe-918
Published: Thu Oct 09 2025 (10/09/2025, 18:58:50 UTC)
Source: CVE Database V5
Vendor/Project: QuantumNous
Product: new-api

Description

CVE-2025-59146 is a high-severity Server-Side Request Forgery (SSRF) vulnerability in QuantumNous new-api versions prior to 0.9.0.5. new-api is an AI asset management system that lets authenticated users submit URLs for server-side processing, and the affected versions do not validate those URLs properly. Exploitation lets an attacker make the server send arbitrary requests to internal or external services, potentially exposing sensitive internal resources. The vulnerability requires authentication but no user interaction beyond submitting a URL. A patch is available in version 0.9.0.5.

AI-Powered Analysis

Last updated: 10/09/2025, 19:23:09 UTC

Technical Analysis

CVE-2025-59146 is a Server-Side Request Forgery (SSRF) vulnerability in QuantumNous new-api, an AI asset management and large language model gateway. Versions prior to 0.9.0.5 let authenticated users submit URLs that the server then fetches with outbound requests, and the application neither validates nor restricts those user-supplied URLs. An attacker can therefore make the server send requests to arbitrary internal or external endpoints, reaching services that network segmentation was supposed to keep unreachable and exposing internal data or internal APIs. The issue is not limited to image URLs: any URL handled by the vulnerable endpoint is affected.

Because user registration is commonly enabled by default, any registered user can exploit the flaw; no additional privileges and no interaction from another user are needed.

The vendor fixed the issue in version 0.9.0.5 with an SSRF protection module that is enabled by default and gives administrators granular control over outbound requests. Until an upgrade is possible, the interim mitigations are to run image processing in the separate new-api-worker component, which moves the fetching out of the main server process, and to apply egress firewall rules that restrict where the server may connect. The worker only helps if it is placed where it cannot itself reach the internal services the egress rules are meant to protect.

The CVSS v3.1 base score is 8.5 (High): network attack vector, low attack complexity, low privileges required (an authenticated user), no user interaction, high confidentiality impact, low integrity impact and no availability impact. A score of 8.5 with those metrics corresponds to a changed scope, which matches an SSRF whose requests cross from the application into other systems. No exploitation in the wild has been reported, but the potential to reach internal network resources makes the flaw a significant risk.

Potential Impact

For European organizations, this SSRF vulnerability poses a substantial risk of internal network reconnaissance and data exposure, especially in environments where QuantumNous new-api is deployed to manage AI assets or provide LLM gateway services. Attackers with valid user credentials could leverage this flaw to access internal services that are otherwise inaccessible externally, potentially extracting sensitive information or pivoting to further internal attacks. This risk is heightened in sectors with critical infrastructure or sensitive data, such as finance, healthcare, and government agencies, where internal network confidentiality is paramount. The ability to send arbitrary requests could also facilitate attacks against internal APIs or cloud metadata services, leading to credential theft or privilege escalation. The vulnerability's exploitation does not require user interaction beyond authentication, increasing the likelihood of abuse if credentials are compromised or weak registration controls are in place. The patch and mitigations reduce this risk, but organizations delaying updates remain vulnerable to targeted attacks or insider threats. The impact on integrity is limited, but confidentiality breaches could have severe regulatory and operational consequences under GDPR and other European data protection laws.

Mitigation Recommendations

European organizations should immediately upgrade QuantumNous new-api to version 0.9.0.5 or later to get the vendor's SSRF protection module, which is enabled by default and provides granular control over outbound requests. Until an upgrade is feasible, enable the new-api-worker component so that image processing runs outside the main server process and the attack surface shrinks. In addition, apply strict egress firewall rules to the new-api server (and to the worker, if used): allow only the trusted external endpoints it needs and block internal IP ranges, loopback and link-local addresses, including the cloud metadata endpoint, and sensitive services such as internal admin or database ports. Whatever URL validation is in place must be applied to the address actually connected to, since a hostname that resolves to a public address at check time can resolve to an internal one a moment later, and a redirect from a permitted host can point at an internal one. Enforce strong authentication and registration controls to prevent unauthorised account creation, and monitor logs for unusual outbound request patterns, such as requests to private address ranges or the metadata endpoint, which indicate SSRF attempts. Review network segmentation to minimise the internal services reachable from the new-api server. Regular vulnerability scanning and penetration testing focused on SSRF scenarios are recommended to validate the mitigations, and incident response teams should be prepared to detect and respond to SSRF exploitation, including anomalous internal request traffic originating from the server.
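The page describes what the patched SSRF module must achieve (restrict outbound destinations, with granular control) without showing how. The following guard is an added example written for this page in Go, new-api's language; it is not new-api's own module and not the vendor's code. It implements the controls the analysis and the mitigation list call for: scheme and port allow-lists, rejection of credentials in the URL, a block-list of internal ranges including the cloud metadata range, and, the part naive checks miss, re-validation at connection time with the connection pinned to the exact IP that was checked, so DNS rebinding and redirects cannot route a request to an internal host. Everything here is an assumption: the names `Guard`, `CheckURL`, `NewExampleGuard`, the chosen ranges and ports, and the constructed DNS table (no real hosts) that lets it run offline.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/url"
	"time"
)

var ErrBlocked = errors.New("ssrf guard: destination not allowed") // wraps every refusal; test with errors.Is

// Guard is a hypothetical outbound-request policy (illustration only, not new-api's own module).
type Guard struct {
	Resolve      func(ctx context.Context, host string) ([]net.IP, error) // injected; production wraps net.DefaultResolver.LookupIPAddr
	AllowedPorts map[string]bool
	blocked      []*net.IPNet // "this host", RFC 1918, CGNAT, loopback, link-local (cloud metadata), multicast, IPv6 local
}

func NewGuard(resolve func(context.Context, string) ([]net.IP, error)) *Guard {
	g := &Guard{Resolve: resolve, AllowedPorts: map[string]bool{"80": true, "443": true}}
	for _, cidr := range []string{"0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
		"172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "::1/128", "fc00::/7", "fe80::/10"} {
		_, n, _ := net.ParseCIDR(cidr) // constant, well-formed list: cannot fail
		g.blocked = append(g.blocked, n)
	}
	return g
}

// resolveAllowed maps a host to the one IP that will be dialed, refusing it if ANY answer is internal.
func (g *Guard) resolveAllowed(ctx context.Context, host string) (net.IP, error) {
	ips, err := []net.IP{net.ParseIP(host)}, error(nil)
	if ips[0] == nil { // not an IP literal: ask the resolver
		ips, err = g.Resolve(ctx, host)
	}
	if err != nil || len(ips) == 0 {
		return nil, fmt.Errorf("ssrf guard: cannot resolve %q: %v", host, err)
	}
	for _, ip := range ips { // a mixed public/private answer defeats guards that look at one address only
		for _, n := range g.blocked {
			if n.Contains(ip) { // IPv4-mapped IPv6 literals such as ::ffff:127.0.0.1 match the IPv4 ranges too
				return nil, fmt.Errorf("%w: %s -> %s", ErrBlocked, host, ip)
			}
		}
	}
	return ips[0], nil
}

// CheckURL is the pre-flight validation of a user-supplied URL: scheme, credentials, port, destination IP.
func (g *Guard) CheckURL(ctx context.Context, raw string) error {
	u, err := url.Parse(raw) // url.Parse lower-cases the scheme
	if err != nil || (u.Scheme != "http" && u.Scheme != "https") || u.User != nil || u.Hostname() == "" {
		return fmt.Errorf("%w: scheme, userinfo or host rejected in %q", ErrBlocked, raw)
	}
	port := u.Port()
	if port == "" {
		port = map[string]string{"http": "80", "https": "443"}[u.Scheme]
	}
	if !g.AllowedPorts[port] {
		return fmt.Errorf("%w: port %s", ErrBlocked, port)
	}
	_, err = g.resolveAllowed(ctx, u.Hostname())
	return err
}

// dialContext re-checks at connect time and dials exactly the IP it checked, so a changed DNS answer (rebinding) is caught.
func (g *Guard) dialContext(ctx context.Context, network, addr string) (net.Conn, error) {
	host, port, err := net.SplitHostPort(addr)
	if err != nil || !g.AllowedPorts[port] {
		return nil, fmt.Errorf("%w: address %q", ErrBlocked, addr)
	}
	ip, err := g.resolveAllowed(ctx, host)
	if err != nil {
		return nil, err
	}
	return (&net.Dialer{}).DialContext(ctx, network, net.JoinHostPort(ip.String(), port))
}

// Client routes every connection, redirects included, through the guard; a fresh Transport has no env proxy to hide the destination.
func (g *Guard) Client() *http.Client {
	return &http.Client{
		Timeout:       15 * time.Second,
		Transport:     &http.Transport{DialContext: g.dialContext},
		CheckRedirect: func(req *http.Request, _ []*http.Request) error { return g.CheckURL(req.Context(), req.URL.String()) },
	}
}

// NewExampleGuard uses a constructed lookup table (not real hosts) so the checks run offline.
func NewExampleGuard() *Guard {
	table := map[string][]string{"api.example.com": {"203.0.113.10"}, "rebind.example.com": {"203.0.113.11", "10.0.0.5"}}
	return NewGuard(func(_ context.Context, host string) (ips []net.IP, _ error) {
		for _, a := range table[host] {
			ips = append(ips, net.ParseIP(a))
		}
		return ips, nil // an empty answer makes resolveAllowed report "cannot resolve"
	})
}
```

Two design points matter more than the block-list itself. First, the decision is made on resolved IP addresses, never on the hostname string, so spellings such as `127.1`, decimal or hex forms of an address, or `[::ffff:127.0.0.1]` are judged by what they actually resolve to (with the cgo resolver, getaddrinfo will happily turn some of those into 127.0.0.1, and the guard still blocks the result). Second, `CheckURL` alone is not sufficient: a hostname can answer with a public address during validation and an internal one when the HTTP client connects, which is why `dialContext` repeats the check and connects to the IP it just approved rather than letting the transport resolve the name a second time. `Client()` is the wiring that makes both apply to redirects as well.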


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-09-09T15:23:16.326Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68e8080dba0e608b4faad9a5

Added to database: 10/9/2025, 7:07:57 PM

Last enriched: 10/9/2025, 7:23:09 PM

Last updated: 10/9/2025, 10:17:10 PM


