CVE-2025-66450 LibreChat JSON Injection in Chat POST Allows Remote Resource Inclusion and PXSS via Image Upload

LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when a user posts a question, the iconURL parameter of the POST request can be modified by an attacker. The malicious code is then stored in the chat which can then be shared to other users. When sharing chats wit...

CVE-2025-66450 LibreChat JSON Injection in Chat POST Allows Remote Resource Inclusion and PXSS via Image Upload

LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when a user posts a question, the iconURL parameter of the POST request can be modified by an attacker. The malicious code is then stored in the chat which can then be shared to other users. When sharing chats wit...

CVE-2025-66450 LibreChat JSON Injection in Chat POST Allows Remote Resource Inclusion and PXSS via Image Upload

LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when a user posts a question, the iconURL parameter of the POST request can be modified by an attacker. The malicious code is then stored in the chat which can then be shared to other users. When sharing chats wit...