Tag
The QuantumNous new-api is vulnerable to SSRF attacks. The SSRF protection implemented in versions v0.9.0.5 (CVE-2025-59146) and v0.9.6 (CVE-2025-62155) can be bypassed by using the address `0.0.0.0`. An attacker with a valid API token can send a request to `/v1/chat/completions`, `/v1/responses`, or `/v1/messages` with `0.0.0.0` as the image/file URL host, which bypasses the private-IP filter and allows the server to issue HTTP requests to localhost, enabling a blind SSRF and possibly a full-read SSRF in specific configurations.