Home > Vulnerability Database > CVE-2025-69222

Mend.io Vulnerability Database

CVE-2025-69222

Good to know:

Date: January 7, 2026

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery (SSRF) vulnerability due to missing restrictions of the Actions feature in the default configuration. LibreChat enables users to configure agents with predefined instructions and actions that can interact with remote services via OpenAPI specifications, supporting various HTTP methods, parameters, and authentication methods including custom headers. By default, there are no restrictions on accessible services, which means agents can also access internal components like the RAG API included in the default Docker Compose setup. This issue is fixed in version 0.8.1-rc2.

Severity Score

9.1

Related Resources (5)

Url: https://github.com/danny-avila/LibreChat/releases/tag/v0.8.2-rc2

Url: https://github.com/danny-avila/LibreChat/commit/3b41e392ba5c0d603c1737d8582875e04eaa6e02

Url: https://github.com/danny-avila/LibreChat/security/advisories/GHSA-rgjq-4q58-m3q8

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-69222

Url: https://www.mend.io/vulnerability-database/CVE-2025-69222

Severity Score

9.1

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

Top Fix

Upgrade Version

Upgrade to version https://github.com/danny-avila/LibreChat.git - v0.8.2-rc2

Learn More

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-69222

Good to know:

Date: January 7, 2026

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?