Server-Side Request Forgery (SSRF) in LibreChat - CVE-2025-69222


Published: April 27, 2026


Vulnerability identifier: #VU128107
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:L/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-69222
CWE-ID: CWE-918
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: LibreChat
Affected software:
LibreChat

Detailed vulnerability description

The vulnerability allows a remote user to interact with arbitrary third-party HTTP services and access internal services.

The vulnerability exists due to server-side request forgery in the Actions feature when processing user-supplied OpenAPI specifications in the default configuration. A remote user can define a crafted action specification that causes the application to send requests to arbitrary HTTP services, allowing interaction with third-party services and access to internal services.

In the default Docker Compose setup, this can expose the internal RAG API and allow requests with arbitrary HTTP methods, parameters, and headers.


How to mitigate CVE-2025-69222

Install the security update from the vendor's website.

Sources