{"id":"CVE-2025-60541","details":"A Server-Side Request Forgery (SSRF) in the /api/proxy/ component of linshenkx prompt-optimizer v1.3.0 to v1.4.2 allows attackers to scan internal resources via a crafted request.","modified":"2026-03-13T03:40:10.328415Z","published":"2025-11-06T19:15:41.790Z","references":[{"type":"FIX","url":"https://github.com/linshenkx/prompt-optimizer/issues/179"},{"type":"PACKAGE","url":"https://github.com/linshenkx/prompt-optimizer"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/linshenkx/prompt-optimizer","events":[{"introduced":"b2b0a40ceb56e0e30c48dca78740197c47b56db7"},{"last_affected":"d9d505b5c93289bdc31e1af2713a1cfb027dc204"}],"database_specific":{"versions":[{"introduced":"1.3.0"},{"last_affected":"1.4.2"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-60541.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}]}