CVE-2025-66201

LibreChat is Vulnerable to Server-Side Request Forgery (SSRF) in Actions Capability

Description

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery (SSRF), by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with access to this feature to access URLs only accessible to the LibreChat server (such as cloud metadata services, through which impersonation of the server might be possible). This issue has been patched in version 0.8.1-rc2.

INFO

Published Date :

2025-11-29T01:26:18.757Z

Last Modified :

2025-12-01T14:11:07.641Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2025-66201 vulnerability.

Vendors	Products
Librechat	Librechat

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-66201.

URL	Resource
https://github.com/danny-avila/LibreChat/security/advisories/GHSA-7m2q-fjwr-5x8v

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact