CVE-2025-69222 — CRITICAL (9.1)

Vulnerability Description

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery (SSRF) vulnerability due to missing restrictions of the Actions feature in the default configuration. LibreChat enables users to configure agents with predefined instructions and actions that can interact with remote services via OpenAPI specifications, supporting various HTTP methods, parameters, and authentication methods including custom headers. By default, there are no restrictions on accessible services, which means agents can also access internal components like the RAG API included in the default Docker Compose setup. This issue is fixed in version 0.8.1-rc2.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Librechat	Librechat	0.8.1

Related Weaknesses (CWE)

CWE-918

References

https://github.com/danny-avila/LibreChat/commit/3b41e392ba5c0d603c1737d8582875e0Patch
https://github.com/danny-avila/LibreChat/releases/tag/v0.8.2-rc2Release Notes
https://github.com/danny-avila/LibreChat/security/advisories/GHSA-rgjq-4q58-m3q8ExploitVendor Advisory

FAQ

What is CVE-2025-69222?

CVE-2025-69222 is a vulnerability with a CVSS score of 9.1 (CRITICAL). LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery (SSRF) vulnerability due to missing restrictions of the Actions feature in the defaul...

How severe is CVE-2025-69222?

CVE-2025-69222 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-69222?

Check the references section above for vendor advisories and patch information. Affected products include: Librechat Librechat.