CVE-2025-69222

9.1 CRITICAL

📋 TL;DR

LibreChat version 0.8.1-rc2 has a server-side request forgery (SSRF) vulnerability in its Actions feature that lets an authenticated attacker make the server issue requests to internal services. This affects all users running the vulnerable version with the default configuration. Attackers can potentially reach sensitive internal APIs and services that are not exposed to them directly.

💻 Affected Systems

Products:
  • LibreChat
Versions: Version 0.8.1-rc2 and earlier
Operating Systems: All platforms running LibreChat
Default Config Vulnerable: ⚠️ Yes
Notes: The default Docker Compose setup includes the RAG API as an internal service that the SSRF can reach


⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of internal services, data exfiltration, and lateral movement within the network

🟠

Likely Case

Unauthorized access to internal APIs, potential data leakage from RAG API and other internal services

🟢

If Mitigated

Limited to specific allowed endpoints with proper input validation and network segmentation

🌐 Internet-Facing: HIGH - Web application accessible from internet can be exploited remotely
🏢 Internal Only: HIGH - Even internal deployments can be exploited by authenticated users

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires authenticated access but exploitation is straightforward via Actions configuration

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 0.8.2-rc2

Vendor Advisory: https://github.com/danny-avila/LibreChat/security/advisories/GHSA-rgjq-4q58-m3q8

Restart Required: Yes

Instructions:

1. Update to version 0.8.2-rc2 or later.
2. Pull the latest Docker images if using containers.
3. Restart LibreChat services.
4. Verify that Actions feature restrictions are properly configured.

🔧 Temporary Workarounds

Restrict Actions endpoints

Platform: all

Configure allowed endpoints and restrict access to internal services

Edit LibreChat configuration to define allowed domains/endpoints for Actions
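As an added example (not LibreChat's own code, and not how the project implements its fix), the check below shows what "define allowed domains/endpoints for Actions" amounts to when done properly: an operator-maintained hostname allowlist, followed by a resolution-time check that refuses any address in private, loopback or link-local space. The allowlist entry api.example.com, the function names and the injectable resolver parameter are assumptions made for the example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Operator-maintained allowlist of hostnames Actions may call (hypothetical entry for this example)
ALLOWED_HOSTS = {"api.example.com"}

# Address space that must never be a request target, even if an allowlisted name resolves there
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]


def is_blocked_address(ip: str) -> bool:
    """True if ip falls in private, loopback or link-local space (IPv4-mapped IPv6 is unwrapped first)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in BLOCKED_NETS)


def check_action_url(url: str, resolver=socket.getaddrinfo) -> tuple[bool, str]:
    """Decide whether an Action may call url. resolver is injectable so the check can run offline in tests."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "missing host"
    # Allowlist first: literal IPs ("10.0.0.5", "[::1]") and userinfo tricks ("name@10.0.0.5")
    # never match a hostname entry, so they are refused here
    if host not in ALLOWED_HOSTS:
        return False, f"host {host!r} not in allowlist"
    # Then resolve and check every returned address, so an allowlisted name that points inward
    # (or is rebound to an internal address later) is still refused
    try:
        addresses = {info[4][0] for info in resolver(host, None)}
    except socket.gaierror:
        return False, f"could not resolve {host!r}"
    for ip in addresses:
        if is_blocked_address(ip):
            return False, f"{host!r} resolves to blocked address {ip}"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ("https://api.example.com/v1", "http://10.0.0.5/admin", "http://api.example.com@10.0.0.5/"):
        print(candidate, "->", check_action_url(candidate))
```

Two caveats apply to any allowlist of this kind: the HTTP client must not follow redirects automatically (or must re-run the check on every hop, since an allowlisted host can redirect to an internal address), and the check should run when the Action executes, not only when it is saved, so that a later DNS change cannot bypass it.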

Network segmentation

Platform: linux

Isolate LibreChat from internal services using firewall rules

# Host OUTPUT rules do not apply to container traffic (it traverses FORWARD); use the DOCKER-USER chain for that
iptables -A OUTPUT -d 192.168.0.0/16 -j DROP
# Replace the placeholders with the container address and internal subnet; forwarded traffic needs 'ufw route deny'
ufw deny from <librechat_container_ip> to <internal_subnet>

🧯 If You Can't Patch

  • Disable Actions feature entirely in configuration
  • Implement strict network segmentation to isolate LibreChat from internal services

🔍 How to Verify

Check if Vulnerable:

Check if running version 0.8.1-rc2 or earlier and Actions feature is enabled

Check Version:

docker ps --format '{{.Image}}' | grep -i librechat   # containers: the image tag carries the version
grep '"version"' package.json                        # non-container install: run from the checkout root

Verify Fix Applied:

Verify version is 0.8.2-rc2 or later and test Actions feature restrictions

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP requests from LibreChat to internal IPs
  • Actions API calls to non-standard endpoints

Network Indicators:

  • LibreChat making requests to internal services on unusual ports
  • HTTP traffic from LibreChat to RAG API or other internal endpoints

SIEM Query:

source="librechat" AND (dest_ip="192.168.0.0/16" OR dest_ip="10.0.0.0/8" OR dest_ip="172.16.0.0/12") AND http_method=POST

The ranges are given in CIDR form so that all of 172.16.0.0/12 (172.16.x.x through 172.31.x.x, which includes Docker's default bridge networks) is matched; a wildcard such as 172.16.* covers only 172.16.x.x.
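The same rule as runnable detection logic over constructed sample log lines, added here as an example (the lines are in a key=value shape made up for this illustration, not real LibreChat or proxy output, and the function names are assumptions). It classifies destinations with the standard library so the whole 172.16.0.0/12 range is covered, flags every HTTP method by default because a GET to an internal service is as telling as a POST, and counts distinct internal targets per user, which separates probing from a single misconfigured Action.

```python
import ipaddress
from collections import defaultdict

# Constructed sample lines in key=value form; not real LibreChat or proxy output
SAMPLE_LOGS = """\
ts=2025-01-10T12:00:01Z source=librechat user=alice http_method=POST dest_ip=93.184.216.34 dest_port=443 url=https://api.example.com/v1/search
ts=2025-01-10T12:00:05Z source=librechat user=bob http_method=POST dest_ip=172.20.0.3 dest_port=8000 url=http://rag_api:8000/query
ts=2025-01-10T12:00:06Z source=librechat user=bob http_method=POST dest_ip=10.0.0.12 dest_port=6379 url=http://10.0.0.12:6379/
ts=2025-01-10T12:00:07Z source=librechat user=bob http_method=GET dest_ip=192.168.1.20 dest_port=9200 url=http://192.168.1.20:9200/_cat/indices
ts=2025-01-10T12:00:09Z source=nginx user=- http_method=POST dest_ip=10.0.0.5 dest_port=3080 url=/api/messages
"""


def parse_line(line: str) -> dict:
    """Split a key=value log line into a dict; values contain no spaces in this format."""
    return dict(field.split("=", 1) for field in line.split() if "=" in field)


def is_internal(ip: str) -> bool:
    """RFC 1918 plus loopback and link-local, via the stdlib classification (covers all of 172.16.0.0/12)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_private or addr.is_loopback or addr.is_link_local


def find_internal_requests(lines, methods=None):
    """Return events where LibreChat made an HTTP request to an internal address.
    methods=None flags every verb; pass ("POST",) to reproduce the narrower SIEM query above."""
    hits = []
    for line in lines:
        ev = parse_line(line)
        if ev.get("source") != "librechat":
            continue
        if methods and ev.get("http_method") not in methods:
            continue
        if is_internal(ev.get("dest_ip", "")):
            hits.append(ev)
    return hits


def summarize_by_user(events):
    """Distinct internal (ip, port) targets per user; several per user points to probing."""
    targets = defaultdict(set)
    for ev in events:
        targets[ev.get("user", "-")].add((ev["dest_ip"], ev.get("dest_port", "")))
    return dict(targets)


if __name__ == "__main__":
    events = find_internal_requests(SAMPLE_LOGS.splitlines())
    for user, targets in summarize_by_user(events).items():
        print(f"{user}: {len(targets)} distinct internal targets {sorted(targets)}")
```

In the sample the nginx line is ignored because its source is not LibreChat, and restricting to POST drops the GET against port 9200, which is why the default flags all methods.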
