PT-2026-1934 · Librechat · Librechat

Published 2026-01-07 · Updated 2026-01-09 · CVE-2025-69222

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions: LibreChat version 0.8.1-rc2
Description: LibreChat, a ChatGPT clone with additional features, is susceptible to a server-side request forgery (SSRF) issue. The cause is the absence of restrictions on the Actions feature in its default configuration. The Actions feature allows users to configure agents that interact with remote services described by OpenAPI specifications, supporting various HTTP methods, parameters, and authentication methods, including custom headers. Because no restriction is placed on which services may be reached, agents can access internal components, such as the RAG API included in the default Docker Compose setup. Server-Side Request Forgery (SSRF) is a web security flaw that allows an attacker to cause the server to make HTTP requests to an arbitrary domain of the attacker's choosing.
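Since the weakness is that nothing constrains where an agent's Action may send requests, the corresponding mitigation is an egress policy applied to every user-configured OpenAPI server URL before the request is made. The following is an added example, not LibreChat's own code; the Compose service names in INTERNAL_HOSTS are assumed and the function name checkOutboundUrl is hypothetical.

```javascript
// Added example, not LibreChat's own code: an outbound-URL policy check an
// Actions-style feature could apply before contacting a user-supplied OpenAPI
// server. Rejects loopback/private/link-local addresses (IPv4, IPv6, mapped),
// single-label hosts (Compose service names) and an assumed internal denylist.

// Assumed Compose service names; take them from the deployment's compose file.
const INTERNAL_HOSTS = new Set(['rag_api', 'vectordb', 'mongodb', 'meilisearch']);

// IPv4 ranges that a user-driven request must never reach.
const BLOCKED_V4 = [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['127.0.0.0', 8], ['169.254.0.0', 16],
  ['172.16.0.0', 12], ['192.168.0.0', 16],
];
const isIpv4 = (h) => /^\d{1,3}(\.\d{1,3}){3}$/.test(h) && h.split('.').every((o) => Number(o) <= 255);
const ipv4ToInt = (ip) => ip.split('.').reduce((acc, o) => acc * 256 + Number(o), 0);

function inCidr(ip, base, bits) {
  const mask = (0xffffffff << (32 - bits)) >>> 0;
  return ((ipv4ToInt(ip) & mask) >>> 0) === ((ipv4ToInt(base) & mask) >>> 0);
}
const isBlockedIpv4 = (ip) => BLOCKED_V4.some(([base, bits]) => inCidr(ip, base, bits));

function isBlockedIpv6(ip) {
  const v6 = ip.toLowerCase();
  if (v6 === '::1' || v6 === '::') return true;
  // IPv4-mapped: the WHATWG URL class serialises ::ffff:127.0.0.1 as ::ffff:7f00:1.
  const m = /^::ffff:(?:([0-9a-f]{1,4}):([0-9a-f]{1,4})|(\d+\.\d+\.\d+\.\d+))$/.exec(v6);
  if (m) {
    if (m[3]) return isBlockedIpv4(m[3]);
    const hi = parseInt(m[1], 16), lo = parseInt(m[2], 16);
    return isBlockedIpv4(`${hi >> 8}.${hi & 255}.${lo >> 8}.${lo & 255}`);
  }
  return /^(fc|fd|fe[89ab])/.test(v6); // fc00::/7 unique-local, fe80::/10 link-local
}

// Returns { allowed, reason }. Parsing with the WHATWG URL class first means
// shorthand hosts such as 2130706433 or 0x7f000001 arrive here as 127.0.0.1.
function checkOutboundUrl(raw) {
  let url;
  try { url = new URL(raw); } catch { return { allowed: false, reason: 'unparseable URL' }; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return { allowed: false, reason: 'scheme' };
  const host = url.hostname.replace(/^\[|\]$/g, '').replace(/\.$/, '');
  if (isIpv4(host)) return { allowed: !isBlockedIpv4(host), reason: 'ipv4 literal' };
  if (host.includes(':')) return { allowed: !isBlockedIpv6(host), reason: 'ipv6 literal' };
  if (INTERNAL_HOSTS.has(host) || host === 'localhost' || !host.includes('.')) {
    return { allowed: false, reason: 'internal hostname' };
  }
  return { allowed: true, reason: 'public hostname' };
}
```

A hostname check alone does not cover DNS rebinding or redirect chains, so the same IP checks should be re-applied to the resolved address at connect time and on every redirect hop.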
Recommendations: Versions prior to 0.8.1-rc2 are affected. Update to LibreChat version 0.8.1-rc2 or later to address this issue.

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2025-69222
GHSA-RGJQ-4Q58-M3Q8

Affected Products

Librechat