Unrated severityNVD Advisory· Published Nov 29, 2025· Updated Dec 1, 2025
LibreChat is Vulnerable to Server-Side Request Forgery (SSRF) in Actions Capability
CVE-2025-66201
Description
LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery (SSRF), by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with access to this feature to access URLs only accessible to the LibreChat server (such as cloud metadata services, through which impersonation of the server might be possible). This issue has been patched in version 0.8.1-rc2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- osv-coords3 versions
< 0.8.1-r0+ 2 more
- (no CPE)range: < 0.8.1-r0
- (no CPE)range: < 0.8.1-r0
- (no CPE)range: < 0.8.1-r0
Patches
Vulnerability mechanics
References
1- github.com/danny-avila/LibreChat/security/advisories/GHSA-7m2q-fjwr-5x8vmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.