CVE-2025-66450

MEDIUM

LibreChat <0.8.1 - XSS

Title source: llm

Description

LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when a user posts a question, the iconURL parameter of the POST request can be modified by an attacker. The malicious code is then stored in the chat which can then be shared to other users. When sharing chats with a potentially malicious “tracker”, resources loaded can lead to loss of privacy for users who view the chat link that is sent to them. This issue is fixed in version 0.8.1.

References (2)

[Exploit, Vendor Advisory] https://github.com/danny-avila/LibreChat/security/advisories/GHSA-84vx-vmcf-xgpp

[Patch] https://github.com/danny-avila/LibreChat/commit/6fa94d3eb8f5779363226d10dccf8b01a735744c

View Patch ZIP pw:eip

Scores

CVSS v3 5.4

EPSS 0.0005

EPSS Percentile 16.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-80

Status published

Products (1)

librechat/librechat < 0.8.1

Published Dec 11, 2025

Tracked Since Feb 18, 2026