Server-Side Request Forgery in LibreChat ChatGPT Clone
CVE-2025-69222

9.1CRITICAL

Key Information:

Vendor

Danny-avila

Status
Librechat
Vendor
CVE Published:
7 January 2026

What is CVE-2025-69222?

LibreChat, a popular ChatGPT clone, is susceptible to a server-side request forgery (SSRF) vulnerability due to inadequate restrictions on the Actions feature in its default configuration. This vulnerability allows agents within LibreChat to access remote services without restrictions, posing a significant risk as they can potentially interact with sensitive internal components, such as the RAG API included in the default Docker Compose setup. Users are advised to upgrade to version 0.8.2-rc2, which resolves this issue and enhances the security posture of the application.

Affected Version(s)

LibreChat >= 0.8.1-rc2, 0.8.2-rc2

References

https://github.com/danny-avila/LibreChat/security/advisor...
x_refsource_CONFIRM
https://github.com/danny-avila/LibreChat/commit/3b41e392b...
x_refsource_MISC
https://github.com/danny-avila/LibreChat/releases/tag/v0....
x_refsource_MISC

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.