CVE-2025-69222

Published: Jan 7, 2026

Modified: Jan 7, 2026

PUBLISHED

CVSS v3.1

9.1

CRITICAL

Description

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery (SSRF) vulnerability due to missing restrictions of the Actions feature in the default configuration. LibreChat enables users to configure agents with predefined instructions and actions that can interact with remote services via OpenAPI specifications, supporting various HTTP methods, parameters, and authentication methods including custom headers. By default, there are no restrictions on accessible services, which means agents can also access internal components like the RAG API included in the default Docker Compose setup. This issue is fixed in version 0.8.1-rc2.

Vendor	Product	Versions
danny-avila	LibreChat	affected `>= 0.8.1-rc2, 0.8.2-rc2`

Weaknesses (CWE)

CWE-918

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

Low

Availability

Low

References

https://github.com/danny-avila/LibreChat/security/advisories/GHSA-rgjq-4q58-m3q8

x_refsource_CONFIRM

https://github.com/danny-avila/LibreChat/commit/3b41e392ba5c0d603c1737d8582875e04eaa6e02

x_refsource_MISC

https://github.com/danny-avila/LibreChat/releases/tag/v0.8.2-rc2

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-69222

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References