
CVE-2025-66450: CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in danny-avila LibreChat

Severity: High
Tags: Vulnerability, CVE-2025-66450, cve, cwe-80
Published: Thu Dec 11 2025 (12/11/2025, 22:05:47 UTC)
Source: CVE Database V5
Vendor/Project: danny-avila
Product: LibreChat

Description

LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when a user posts a question, the iconURL parameter of the POST request can be modified by an attacker. The malicious code is then stored in the chat which can then be shared to other users. When sharing chats with a potentially malicious “tracker”, resources loaded can lead to loss of privacy for users who view the chat link that is sent to them. This issue is fixed in version 0.8.1.

AI-Powered Analysis

Last updated: 12/11/2025, 22:41:36 UTC

Technical Analysis

CVE-2025-66450 is a stored cross-site scripting (XSS) vulnerability categorized under CWE-80, found in the LibreChat application, a ChatGPT clone with extended features. The vulnerability exists in versions 0.8.0 and earlier, where the iconURL parameter in the POST request for submitting chat questions is insufficiently sanitized. An attacker can craft a malicious payload within this parameter that gets stored in the chat history. When this chat is shared and viewed by other users, the embedded malicious script executes in their browsers. This execution can lead to privacy violations, such as leaking user data or loading external tracking resources without consent. The vulnerability does not require any authentication, making it exploitable by any user who can submit chat messages. User interaction is necessary since the victim must open the malicious chat link to trigger the payload. The CVSS 4.0 score of 8.6 reflects the high impact on confidentiality and integrity, with low attack complexity and no privileges required. The vulnerability was publicly disclosed on December 11, 2025, and fixed in LibreChat version 0.8.1. No known exploits are reported in the wild yet. The root cause is improper neutralization of script-related HTML tags, allowing injection of executable code into the chat interface. This type of XSS can facilitate session hijacking, credential theft, or privacy breaches through tracking mechanisms embedded in the malicious payload.

Potential Impact

For European organizations, this vulnerability poses significant privacy and security risks. LibreChat is used for internal and external communications, and exploitation could lead to unauthorized disclosure of sensitive information through malicious scripts. The stored XSS can be leveraged to execute arbitrary JavaScript in the context of the victim's browser, potentially stealing session tokens, redirecting users to phishing sites, or loading tracking pixels that violate GDPR privacy mandates. This can result in regulatory penalties, reputational damage, and loss of user trust. Since the vulnerability requires no authentication, any user or external attacker can exploit it, increasing the attack surface. Organizations relying on LibreChat for customer interactions or internal collaboration may face data leakage or compromise of user accounts. The privacy impact is particularly critical given the EU's stringent data protection laws. Additionally, the ability to share malicious chats can facilitate lateral movement within organizations or supply chain attacks if LibreChat is integrated with other platforms.

Mitigation Recommendations

The primary mitigation is to upgrade LibreChat to version 0.8.1 or later, where the vulnerability is patched. Organizations should enforce strict input validation and output encoding on all user-supplied data, especially parameters like iconURL that are rendered in HTML contexts. Implement Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts and reduce the impact of potential XSS. Disable or restrict the ability to share chats containing user-generated content until the patch is applied. Conduct security awareness training to educate users about the risks of opening untrusted chat links. Monitor logs for unusual activity related to chat submissions and resource loading from unknown domains. Employ web application firewalls (WAFs) with rules targeting XSS payloads to provide an additional layer of defense. Regularly audit and test the chat application for injection flaws and ensure secure coding practices are followed in future releases.
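The three controls above (validating the user-supplied iconURL before it is stored, encoding it on output, and restricting resource loading with CSP) are shown together in the following example. This is added illustration code, not LibreChat's own patch: the function names, the icon host allowlist and the exact CSP directives are assumptions chosen for the example, and the inputs in the comments are constructed.

```javascript
// Added example (not LibreChat code): defensive handling of a user-supplied
// icon URL before it is stored and later rendered into shared chat HTML.
// Function names, the allowlist and the CSP below are assumptions for illustration.

// Only https is accepted; this rejects javascript:, data:, http: and relative values.
const ALLOWED_SCHEMES = new Set(["https:"]);
// Constructed allowlist of hosts from which icons may be loaded (assumption).
const ALLOWED_ICON_HOSTS = new Set(["icons.example.org"]);

// Input validation: returns a normalised URL string, or null if the value must be rejected.
function validateIconUrl(raw) {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) return null;
  let url;
  try {
    url = new URL(raw); // relative paths and malformed strings throw here
  } catch {
    return null;
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return null;    // non-https scheme
  if (!ALLOWED_ICON_HOSTS.has(url.hostname)) return null; // third-party host (tracker)
  if (url.username || url.password) return null;          // credentials embedded in URL
  return url.href; // WHATWG URL normalises case and encoding
}

// Output encoding for an HTML attribute context (double-quoted attribute).
function escapeHtmlAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Renders the icon markup for a shared chat; a rejected URL falls back to a static default.
function renderIcon(rawIconUrl) {
  const safe = validateIconUrl(rawIconUrl) ?? "/static/default-icon.png";
  return `<img src="${escapeHtmlAttr(safe)}" alt="">`;
}

// Content Security Policy value limiting where scripts and images may be loaded from,
// so that even a stored value that slips past validation cannot run script or
// fetch from an unlisted origin.
function buildCspHeader() {
  const imgSources = [...ALLOWED_ICON_HOSTS].map((h) => `https://${h}`).join(" ");
  return [
    "default-src 'self'",
    "script-src 'self'",
    `img-src 'self' ${imgSources}`,
    "object-src 'none'",
    "base-uri 'self'",
  ].join("; ");
}

// Constructed sample inputs showing the three outcomes.
console.log(validateIconUrl("https://icons.example.org/bot.png"));       // accepted
console.log(validateIconUrl("https://tracker.example.net/pixel.gif"));   // null: host not allowlisted
console.log(renderIcon("not a url"));                                    // default icon markup
console.log(buildCspHeader());
```

The allowlist is the strongest of the three checks for the privacy issue described here: an attacker-controlled host is rejected outright, so no request ever leaves the viewer's browser toward it. The CSP `img-src` directive then enforces the same list on the client side, which covers values stored before the validation was added.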

Technical Details

Data Version
5.2
Assigner Short Name
GitHub_M
Date Reserved
2025-12-01T18:22:06.865Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 693b450222246175c6a639de

Added to database: 12/11/2025, 10:26:10 PM

Last enriched: 12/11/2025, 10:41:36 PM

Last updated: 12/14/2025, 11:08:38 AM
