4 matches found
CVE-2025-66450
CVE-2025-66450 affects LibreChat. Versions 0.8.0 and below allow an attacker to modify the iconURL parameter in a POST request, causing malicious code to be stored in a chat and potentially shared with others. This can lead to privacy loss for users who view the shared chat link. The issue is add...
CVE-2025-66450 LibreChat JSON Injection in Chat POST Allows Remote Resource Inclusion and PXSS via Image Upload
LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when a user posts a question, the iconURL parameter of the POST request can be modified by an attacker. The malicious code is then stored in the chat which can then be shared to other users. When sharing chats wit...
CVE-2025-66450 LibreChat JSON Injection in Chat POST Allows Remote Resource Inclusion and PXSS via Image Upload
LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when a user posts a question, the iconURL parameter of the POST request can be modified by an attacker. The malicious code is then stored in the chat which can then be shared to other users. When sharing chats wit...
CVE-2025-66450 LibreChat JSON Injection in Chat POST Allows Remote Resource Inclusion and PXSS via Image Upload
LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when a user posts a question, the iconURL parameter of the POST request can be modified by an attacker. The malicious code is then stored in the chat which can then be shared to other users. When sharing chats wit...