CVE-2025-66450

low-risk

Published 2025-12-11

LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when a user posts a question, the iconURL parameter of the POST request can be modified by an attacker. The malicious code is then stored in the chat which can then be shared to other users. When sharing chats with a potentially malicious “tracker”, resources loaded can lead to loss of privacy for users who view the chat link that is sent to them. This issue is fixed in version 0.8.1.

Do I need to act?

0.05% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.4/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Librechat

Affected Vendors

Librechat

References (2)

Patch https://github.com/danny-avila/LibreChat/commit/6fa94d3eb8f5779363226d10dccf8b01...

Exploit https://github.com/danny-avila/LibreChat/security/advisories/GHSA-84vx-vmcf-xgpp

/ 100

low-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal