CVE-2025-66452

Name of the Vulnerable Software and Affected Versions LibreChat versions 0.8.0 and below

Description LibreChat, a ChatGPT clone with additional features, does not have a handler for JSON parsing errors. A SyntaxError originating from express.json() includes user input in the error message, which is then reflected in responses. This can lead to the exposure of user input, including HTML and JavaScript, in error responses. If the Content-Type is not strictly enforced, this creates a cross-site scripting (XSS) risk.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.