CVE-2025-66451

LibreChat's Improper Input Validation in Prompt Creation API Enables Unauthorized Permission Changes

CVSS 5.3 MEDIUMEPSS 0.3%CWE-20 CWE-915

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.3EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

11 Dec 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when creating prompts, JSON requests are sent to define and modify the prompts via PATCH endpoint for prompt groups (/api/prompts/groups/:groupId). However, the request bodies are not sufficiently validated for proper input, enabling users to modify prompts in a way that was not intended as part of the front end system. The patchPromptGroup function passes req.body directly to updatePromptGroup() without filtering sensitive fields. This issue is fixed in version 0.8.1.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected products

danny-avila · LibreChat

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/danny-avila/LibreChat/commit/01413eea3d3c1454d32ca9704fa9640407839737 https://github.com/danny-avila/LibreChat/security/advisories/GHSA-vpqq-5qr4-655h