CVE-2025-66405

Medium CVSS: 6.9

Portkey.ai Gateway is a blazing fast AI Gateway with integrated guardrails. Prior to 1.14.0, the gateway determined the destination baseURL by prioritizing the value in the x-portkey-custom-host request header. The proxy route then appends the client-specified path to perform an external fetch. This can be maliciously used by users for SSRF attacks. This vulnerability is fixed in 1.14.0.

Vendor

Portkey

Product

Gateway

CWE

CWE-918

Yayın Tarihi

2025-12-01 23:15:53

Güncelleme

2026-02-20 21:21:26

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-918 Gateway MEDIUM Portkey 2025

Referanslar

https://github.com/Portkey-AI/gateway/commit/b5a7825ba5f4e6918deb32d9969899ce2229a885 https://github.com/Portkey-AI/gateway/pull/1372 https://github.com/Portkey-AI/gateway/security/advisories/GHSA-hhh5-2cvx-vmfp

Benzer Kayıtlar

High

CVE-2026-22771

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway…

Medium

CVE-2025-25294

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway…

High

CVE-2025-24030

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway…