Platform
docker
Component
docker
Fixed in
0.8.2
CVE-2025-69222 describes a critical server-side request forgery (SSRF) vulnerability affecting LibreChat, a ChatGPT clone. This flaw arises from insufficient restrictions within the Actions feature, enabling unauthorized access to internal components. The vulnerability impacts LibreChat versions 0.8.1-rc2 running within Docker containers. A fix is expected, and temporary mitigation strategies are available.
The SSRF vulnerability in LibreChat allows attackers to craft malicious agent instructions that trigger requests to internal services. Because LibreChat's Actions feature lacks proper validation, an attacker can manipulate agent configurations to send requests to the RAG API or other internal components, potentially exposing sensitive data or gaining unauthorized access. This could lead to data exfiltration, privilege escalation, or even remote code execution if the internal services are vulnerable. The lack of restrictions in the default configuration significantly broadens the attack surface, making exploitation relatively straightforward.
CVE-2025-69222 was published on 2026-01-07. The vulnerability's critical severity (CVSS 9.1) and ease of exploitation suggest a high probability of exploitation. Public proof-of-concept code is likely to emerge, potentially leading to widespread exploitation. It is not currently listed on CISA KEV, but its severity warrants close monitoring.
Organizations deploying LibreChat within Docker containers, particularly those with exposed internal APIs or sensitive data accessible via the RAG API, are at significant risk. Shared hosting environments where LibreChat instances share resources with other applications are also vulnerable, as a successful exploitation could potentially impact other tenants.
• docker: Inspect the Docker container's network configuration for excessive outbound access.
docker inspect <container_id> | grep NetworkSettings
• linux / server: Monitor system logs for unusual outbound HTTP requests originating from the LibreChat container.
journalctl -u librechat -f | grep -i "http://"
• generic web: Monitor access logs for requests to internal services from the LibreChat server's IP address. Look for unusual user-agent strings or request patterns.
grep "<librechat_ip>" /var/log/apache2/access.log
Disclosure
Exploit status
EPSS
0.31% (54th percentile)
CISA SSVC
CVSS vector
The primary mitigation is to upgrade to a patched version of LibreChat as soon as it becomes available. Until then, implement temporary workarounds to limit the impact. A Web Application Firewall (WAF) can be configured to block outbound requests to internal services or restrict access based on IP address or domain. Additionally, carefully review and restrict the allowed OpenAPI specifications and actions configured within LibreChat agents, limiting their ability to interact with external resources. Consider implementing network segmentation to isolate internal services from external access.
Update LibreChat to version 0.8.2-rc2 or later. This version fixes the SSRF vulnerability by implementing restrictions in the Actions feature. Be sure to review the release notes and follow the upgrade instructions provided by the vendor.
CVE-2025-69222 is a critical SSRF vulnerability in LibreChat Docker containers (version 0.8.1-rc2) where the Actions feature lacks restrictions, allowing unauthorized access to internal APIs like the RAG API.
If you are running LibreChat in a Docker container, specifically version 0.8.1-rc2, you are potentially affected by this SSRF vulnerability. Assess your environment and implement mitigations immediately.
The recommended fix is to upgrade to a patched version of LibreChat as soon as it becomes available. Until then, implement temporary workarounds like network restrictions and WAF rules.
While there are no confirmed reports of active exploitation at this time, the vulnerability's ease of exploitation suggests a high probability of future attacks. Continuous monitoring is crucial.
Refer to the official LibreChat security advisories and release notes on their website or GitHub repository for updates and information regarding the patch for CVE-2025-69222.