Home > Vulnerability Database > CVE-2025-57818

Mend.io Vulnerability Database

CVE-2025-57818

Good to know:

Date: August 26, 2025

Firecrawl turns entire websites into LLM-ready markdown or structured data. Prior to version 2.0.1, a server-side request forgery (SSRF) vulnerability was discovered in Firecrawl's webhook functionality. Authenticated users could configure a webhook to an internal URL and send POST requests with arbitrary headers, which may have allowed access to internal systems. This has been fixed in version 2.0.1. If upgrading is not possible, it is recommend to isolate Firecrawl from any sensitive internal systems.

Severity Score

6.3

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-57818

Url: https://github.com/firecrawl/firecrawl/commit/b15fae51a760e9810a66bbfde5d5693d0df3fbeb

Url: https://github.com/firecrawl/firecrawl/security/advisories/GHSA-p2wg-prhf-jx79

Url: https://github.com/firecrawl/firecrawl/releases/tag/v2.0.1

Url: https://github.com/firecrawl/firecrawl/commit/e8cf0985b07968061a6b684b58097732e827ed46

Url: https://www.mend.io/vulnerability-database/CVE-2025-57818

Severity Score

6.3

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

Top Fix

Upgrade Version

Upgrade to version https://github.com/firecrawl/firecrawl.git - v2.0.1

Learn More

CVSS v3.1

Base Score:	6.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-57818

Good to know:

Date: August 26, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?