Home > Vulnerability Database > CVE-2025-66451

Mend.io Vulnerability Database

CVE-2025-66451

Good to know:

Date: December 11, 2025

LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when creating prompts, JSON requests are sent to define and modify the prompts via PATCH endpoint for prompt groups (/api/prompts/groups/:groupId). However, the request bodies are not sufficiently validated for proper input, enabling users to modify prompts in a way that was not intended as part of the front end system. The patchPromptGroup function passes req.body directly to updatePromptGroup() without filtering sensitive fields. This issue is fixed in version 0.8.1.

Severity Score

6.5

Related Resources (4)

Url: https://github.com/danny-avila/LibreChat/security/advisories/GHSA-vpqq-5qr4-655h

Url: https://github.com/danny-avila/LibreChat/commit/01413eea3d3c1454d32ca9704fa9640407839737

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-66451

Url: https://www.mend.io/vulnerability-database/CVE-2025-66451

Severity Score

6.5

Weakness Type (CWE)

Improper Input Validation

CWE-20

Improperly Controlled Modification of Dynamically-Determined Object Attributes

CWE-915

Top Fix

Upgrade Version

Upgrade to version https://github.com/danny-avila/LibreChat.git - v0.8.1

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-66451

Good to know:

Date: December 11, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?