Unrated severityNVD Advisory· Published Dec 11, 2025· Updated Dec 12, 2025

LibreChat JSON Injection in Chat POST Allows Remote Resource Inclusion and PXSS via Image Upload

CVE-2025-66450

Description

LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when a user posts a question, the iconURL parameter of the POST request can be modified by an attacker. The malicious code is then stored in the chat which can then be shared to other users. When sharing chats with a potentially malicious “tracker”, resources loaded can lead to loss of privacy for users who view the chat link that is sent to them. This issue is fixed in version 0.8.1.

Affected products

Danny Avila/Librechatv5
Range: < 0.8.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/danny-avila/LibreChat/commit/6fa94d3eb8f5779363226d10dccf8b01a735744cmitrex_refsource_MISC
github.com/danny-avila/LibreChat/security/advisories/GHSA-84vx-vmcf-xgppmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000