
CVE-2025-66405: CWE-918: Server-Side Request Forgery (SSRF) in Portkey-AI gateway

Severity: Medium
Type: Vulnerability
Tags: CVE-2025-66405, CWE-918
Published: Mon Dec 01 2025 (12/01/2025, 22:25:36 UTC)
Source: CVE Database V5
Vendor/Project: Portkey-AI
Product: gateway

Description

Portkey.ai Gateway is a blazing fast AI Gateway with integrated guardrails. Prior to 1.14.0, the gateway determined the destination baseURL by prioritizing the value in the x-portkey-custom-host request header. The proxy route then appends the client-specified path to perform an external fetch. This can be maliciously used by users for SSRF attacks. This vulnerability is fixed in 1.14.0.

AI-Powered Analysis

Last updated: 12/01/2025, 22:54:48 UTC

Technical Analysis

CVE-2025-66405 is a Server-Side Request Forgery (SSRF) vulnerability in the Portkey-AI Gateway product, affecting versions prior to 1.14.0. The vulnerability arises because the gateway determines the destination baseURL for proxy requests by prioritizing the value supplied in the x-portkey-custom-host HTTP header. This design flaw allows an attacker to set that header so that the gateway sends requests to arbitrary internal or external network endpoints. The proxy route appends the client-specified path to the baseURL and performs an external fetch, which can be exploited to reach internal services that are otherwise inaccessible from outside, potentially leading to information disclosure or further network exploitation. The vulnerability requires neither authentication nor user interaction, making it easier to exploit remotely. The CVSS 4.0 vector indicates a network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and no impact on the confidentiality, integrity, or availability of the vulnerable system itself (VC:N/VI:N/VA:N), but impact on subsequent systems (the vector's S metrics), which indicates that the vulnerability affects components beyond the initially vulnerable component. The vulnerability was published on December 1, 2025, and has a medium severity rating with a CVSS score of 6.9. The issue is resolved in Portkey-AI Gateway version 1.14.0, which no longer prioritizes the x-portkey-custom-host header when determining the destination baseURL, thereby preventing SSRF exploitation.

Potential Impact

For European organizations, the SSRF vulnerability in Portkey-AI Gateway could allow attackers to pivot from the exposed gateway to internal network resources, potentially accessing sensitive data, internal APIs, or cloud metadata services. This could lead to unauthorized data disclosure, reconnaissance of internal infrastructure, or facilitate further attacks such as privilege escalation or lateral movement within the network. Organizations relying on Portkey-AI Gateway as a proxy for AI-related services or integrations may face disruptions or data breaches if exploited. Given that no authentication or user interaction is required, the attack surface is broad, increasing the risk of automated exploitation attempts. The impact is particularly significant for sectors with sensitive internal networks such as finance, healthcare, and critical infrastructure providers prevalent in Europe. Additionally, the ability to manipulate internal requests could undermine trust in AI service integrations and complicate compliance with data protection regulations like GDPR if internal data is exposed.

Mitigation Recommendations

European organizations should immediately upgrade Portkey-AI Gateway to version 1.14.0 or later to apply the official fix that removes reliance on the x-portkey-custom-host header for baseURL determination. Until the upgrade is applied, organizations should implement strict network segmentation to restrict the gateway's ability to reach sensitive internal services. Deploying Web Application Firewalls (WAFs) with rules to detect and block suspicious header manipulations or unusual outbound requests from the gateway can help mitigate exploitation attempts. Monitoring and logging of all proxy requests, especially those containing the x-portkey-custom-host header, should be enabled to detect potential abuse. Additionally, organizations should review and restrict the gateway's outbound network permissions to only trusted destinations. Conducting internal penetration tests focusing on SSRF scenarios can help identify residual risks. Finally, educating developers and administrators about the risks of trusting client-supplied headers in proxy configurations will help prevent similar vulnerabilities.
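The following is an added example (not Portkey's own code, and not the 1.14.0 fix itself) illustrating the two points above: the vulnerable pattern the description names (a client-supplied x-portkey-custom-host header winning outright as the upstream base, with the client path appended) beside a hardened resolver that only accepts pre-approved upstream hosts, plus a small check over constructed proxy log lines that flags requests whose custom host falls outside the allowlist, as the monitoring recommendation suggests. The function names, the default upstream, the allowlist contents and the log format are all assumptions made for this example.

```javascript
// Added example: hardened upstream-base resolution for a proxy route, and a
// log check for misuse of the custom-host header. Not the project's own code.
// Header name is the one in the advisory; everything else is constructed.

const CUSTOM_HOST_HEADER = "x-portkey-custom-host";
const DEFAULT_BASE = "https://api.example-provider.test"; // assumed default upstream

// Assumed operator-maintained allowlist of upstream hosts the gateway may call.
const ALLOWED_UPSTREAM_HOSTS = new Set([
  "api.example-provider.test",
  "models.example-provider.test",
]);

// Vulnerable pattern as described in the advisory: whatever the client puts in
// the header becomes the base URL, and the client's path is appended to it.
function resolveUpstreamBaseUnsafe(headers, path) {
  const base = headers[CUSTOM_HOST_HEADER] || DEFAULT_BASE;
  return new URL(path, base).toString();
}

// Hardened variant: the header may only select among allowlisted hosts over
// https, and the final URL is re-checked so path tricks ("//host", "\\host",
// absolute URLs) cannot move the request to another host. Returns null to
// signal that the request must be rejected.
function resolveUpstreamBaseSafe(headers, path) {
  const requested = headers[CUSTOM_HOST_HEADER];
  const baseOrigin = (() => {
    if (requested === undefined) return DEFAULT_BASE;
    let parsed;
    try {
      parsed = new URL(requested);
    } catch {
      return null; // not a parseable URL
    }
    if (parsed.protocol !== "https:") return null;
    if (parsed.username || parsed.password) return null;
    if (!ALLOWED_UPSTREAM_HOSTS.has(parsed.hostname)) return null;
    return parsed.origin; // drop any path/query the client smuggled in
  })();
  if (baseOrigin === null) return null;

  const expectedHost = new URL(baseOrigin).hostname;
  const target = new URL(path, baseOrigin);
  // Re-validate the composed URL: the path must not have changed host or scheme.
  if (target.hostname !== expectedHost || target.protocol !== "https:") return null;
  return target.toString();
}

// Constructed proxy access log (JSON lines). "customHost" is the raw header value
// as logged by the gateway in this assumed format; null means the header was absent.
const SAMPLE_LOG = [
  '{"ts":"2025-12-02T10:00:01Z","path":"/v1/chat/completions","customHost":null}',
  '{"ts":"2025-12-02T10:00:05Z","path":"/v1/models","customHost":"https://models.example-provider.test"}',
  '{"ts":"2025-12-02T10:00:09Z","path":"/admin/status","customHost":"http://internal-admin.corp.test:8080"}',
  '{"ts":"2025-12-02T10:00:12Z","path":"/v1/chat/completions","customHost":"not a url"}',
];

// Flag any request that carried the header with a host outside the allowlist
// (or an unparseable value). Malformed log lines are skipped.
function flagSuspiciousRequests(logLines) {
  const findings = [];
  for (const line of logLines) {
    let entry;
    try {
      entry = JSON.parse(line);
    } catch {
      continue;
    }
    if (!entry.customHost) continue;
    let host = null;
    try {
      host = new URL(entry.customHost).hostname;
    } catch {
      host = null;
    }
    if (host === null || !ALLOWED_UPSTREAM_HOSTS.has(host)) {
      findings.push({ ts: entry.ts, path: entry.path, customHost: entry.customHost });
    }
  }
  return findings;
}

// Stand-alone demo.
console.log("unsafe :", resolveUpstreamBaseUnsafe({ [CUSTOM_HOST_HEADER]: "http://internal-admin.corp.test:8080" }, "/admin/status"));
console.log("safe   :", resolveUpstreamBaseSafe({ [CUSTOM_HOST_HEADER]: "http://internal-admin.corp.test:8080" }, "/admin/status"));
console.log("flagged:", flagSuspiciousRequests(SAMPLE_LOG));
```

The hardened resolver checks the composed URL rather than the path string because the WHATWG URL parser treats a leading `//` (and, for https, a backslash) as the start of a new authority, so string prefix checks on the path alone are not sufficient. A hostname allowlist still trusts DNS: an allowlisted name that resolves to an internal address (rebinding or a compromised zone) is not caught here, which is why the egress restrictions in the recommendations above remain necessary alongside input validation.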


Technical Details

Data Version
5.2
Assigner Short Name
GitHub_M
Date Reserved
2025-11-28T23:33:56.365Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 692e19186dbd3477d74d63cf

Added to database: 12/1/2025, 10:39:20 PM

Last enriched: 12/1/2025, 10:54:48 PM

Last updated: 12/4/2025, 1:55:50 PM

Views: 18
