CVE-2025-66201 | danny-avila LibreChat up to 0.8.1-rc1 OpenAPI server-side request forgery (GHSA-7m2q-fjwr-5x8v / EUVD-2025-199888)

Full Article URL: https://vuldb.com/?id.333781
Textarea URL (this page): <a href="https://textarea.nl/i/eNrLKCkpKLbS1y8rzUlJ0kvOz9W3z0zRMzY2NrcwBACQQgj4_2025-11-29">https://textarea.nl/i/eNrLKCkpKLbS1y8rzUlJ0kvOz9W3z0zRMzY2NrcwBACQQgj4_2025-11-29
Source: https://vuldb.com/?rss.recent
Vuldb: https://vuldb.com
Publication date: 2025-11-29 09:22:11
Last retrieval: 2025-11-29 11:45:45.491473

09:22 - 29 Nov 2025

vuldb.com

A vulnerability was found in danny-avila LibreChat up to 0.8.1-rc1. It has been declared as critical. The impacted element is an unknown function of the component OpenAPI Handler. The manipulation results in server-side request forgery. This vulnerability is known as CVE-2025-66201. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

https://vuldb.com/?id.333781

Article info: