CVE-2025-66405 | Portkey-AI Gateway up to 1.13.x Request Header x-portkey-custom-host server-side request forgery (GHSA-hhh5-2cvx-vmfp)

A vulnerability categorized as critical has been discovered in Portkey-AI Gateway up to 1.13.x. The impacted element is an unknown function of the component Request Header Handler. The manipulation of the argument x-portkey-custom-host results in server-side request forgery.

This vulnerability was named CVE-2025-66405. The attack may be performed from remote. There is no available exploit.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More