CVE 8.6 HIGH

LibreChat is Vulnerable to Server-Side Request Forgery (SSRF) in Actions Capability_CVE-2025-66201

November 28, 2025 invoker category_cve

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Description

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery (SSRF), by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with access to this feature to access URLs only accessible to the LibreChat server (such as cloud metadata services, through which impersonation of the server might be possible). This issue has been patched in version 0.8.1-rc2.

AI Analysis

Server-side Request Forgery (SSRF) vulnerability in LibreChat's Actions feature

Basic Information

ID CVE-2025-66201

Source GitHub_M

Published Nov 29, 2025 at 01:26

Affected Product

Vendor danny-avila

Product LibreChat

Version < 0.8.1-rc2

Affected Versions danny-avila LibreChat < 0.8.1-rc2

CWE Classification

CWE-20 CWE-918

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor danny-avila

Product LibreChat

Version < 0.8.1-rc2

References

github.com /danny-avila/LibreChat/security/advisories/GHSA-7m2q-fjwr-5x8v

{
    "lastseen": "",
    "description": "LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery (SSRF), by passing specially crafted OpenAPI specs to its \"Actions\" feature and making the LLM use those actions. It could be used by an authenticated user with access to this feature to access URLs only accessible to the LibreChat server (such as cloud metadata services, through which impersonation of the server might be possible). This issue has been patched in version 0.8.1-rc2.",
    "published": "2025-11-29T01:26:18.757Z",
    "modified": "2025-11-29T01:26:18.757Z",
    "type": "cve",
    "title": "LibreChat is Vulnerable to Server-Side Request Forgery (SSRF) in Actions Capability",
    "source": "GitHub_M",
    "references": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-7m2q-fjwr-5x8v",
    "id": "CVE-2025-66201",
    "bulletinFamily": "",
    "cwe": [
        "CWE-20",
        "CWE-918"
    ],
    "cvelist": null,
    "sourceData": "danny-avila LibreChat < 0.8.1-rc2",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "LibreChat",
    "version": "< 0.8.1-rc2",
    "vendor": "danny-avila",
    "ai_description": "Server-side Request Forgery (SSRF) vulnerability in LibreChat's Actions feature",
    "ai_severity": "High",
    "ai_vendor": "danny-avila",
    "ai_product": "LibreChat",
    "ai_version": "< 0.8.1-rc2",
    "ai_score": 8.6
}

💭 Join the Security Discussion ❌ Cancel Reply