CVE-2025-66451 — MEDIUM (6.5)

Q: How severe is CVE-2025-66451?

CVE-2025-66451 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-66451?

Check the references section above for vendor advisories and patch information. Affected products include: Librechat Librechat.

Vulnerability Description

LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when creating prompts, JSON requests are sent to define and modify the prompts via PATCH endpoint for prompt groups (/api/prompts/groups/:groupId). However, the request bodies are not sufficiently validated for proper input, enabling users to modify prompts in a way that was not intended as part of the front end system. The patchPromptGroup function passes req.body directly to updatePromptGroup() without filtering sensitive fields. This issue is fixed in version 0.8.1.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Librechat	Librechat	< 0.8.1

Related Weaknesses (CWE)

CWE-20 CWE-915

References

FAQ

What is CVE-2025-66451?

CVE-2025-66451 is a vulnerability with a CVSS score of 6.5 (MEDIUM). LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when creating prompts, JSON requests are sent to define and modify the prompts via PATCH endpoint for prompt groups ...

How severe is CVE-2025-66451?

CVE-2025-66451 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-66451?

Check the references section above for vendor advisories and patch information. Affected products include: Librechat Librechat.