CVE-2025-28197

Crawl4AI <=0.4.247 is vulnerable to SSRF in /crawl4ai/async_dispatcher.py.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:kidocode:crawl4ai:*:*:*:*:*:*:*:*

History

23 Jun 2025, 19:49

Type Values Removed Values Added
References () https://gist.github.com/AndrewDzzz/f49e79b09ce0643ee1fc2a829e8875e0 - () https://gist.github.com/AndrewDzzz/f49e79b09ce0643ee1fc2a829e8875e0 - Third Party Advisory
First Time Kidocode crawl4ai
Kidocode
CPE cpe:2.3:a:kidocode:crawl4ai:*:*:*:*:*:*:*:*

22 Apr 2025, 14:15

Type Values Removed Values Added
Summary
  • (es) Crawl4AI &lt;=0.4.247 es vulnerable a SSRF en /crawl4ai/async_dispatcher.py.
CWE CWE-918
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.1

18 Apr 2025, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-04-18 20:15

Updated : 2025-06-23 19:49


NVD link : CVE-2025-28197

Mitre link : CVE-2025-28197

CVE.ORG link : CVE-2025-28197


JSON object : View

Products Affected

kidocode

  • crawl4ai
CWE
CWE-918

Server-Side Request Forgery (SSRF)