CVE-2025-66201

moderate-risk
Published 2025-11-29

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery (SSRF), by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with access to this feature to access URLs only accessible to the LibreChat server (such as cloud metadata services, through which impersonation of the server might be possible). This issue has been patched in version 0.8.1-rc2.

Do I need to act?

-
0.08% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.1/10 High
NETWORK / LOW complexity

Affected Products (3)

Affected Vendors

Librechat

References (2)

Exploit https://github.com/danny-avila/LibreChat/security/advisories/GHSA-7m2q-fjwr-5x8v
Exploit https://github.com/danny-avila/LibreChat/security/advisories/GHSA-7m2q-fjwr-5x8v
37
/ 100
moderate-risk
Severity 28/34 · Critical
Exploitability 0/34 · Minimal
Exposure 9/34 · Low