CVE-2025-66201

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-66201
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-66201.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-66201
Aliases
  • GHSA-7m2q-fjwr-5x8v
Published
2025-11-29T01:26:18.757Z
Modified
2025-11-29T02:57:47.018497Z
Severity
  • 8.6 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Summary
LibreChat is Vulnerable to Server-Side Request Forgery (SSRF) in Actions Capability
Details

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-Side Request Forgery (SSRF): an authenticated user with access to the "Actions" feature can supply a specially crafted OpenAPI spec and make the LLM invoke those actions, causing the LibreChat server to request URLs that are reachable only from the server itself (such as cloud metadata services, through which impersonation of the server might be possible). This issue has been patched in version 0.8.1-rc2.

Database specific
{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/66xxx/CVE-2025-66201.json",
    "cwe_ids": [
        "CWE-20",
        "CWE-918"
    ]
}
References

Affected packages

Git / github.com/danny-avila/librechat

Affected ranges

Type
GIT
Repo
https://github.com/danny-avila/librechat
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.8.1-rc2"
        }
    ]
}