CVE-2025-66452 is a cross-site scripting vulnerability categorized under CWE-79, impacting the LibreChat project, a ChatGPT clone with additional features. In versions 0.8.1 and earlier, the application uses express.json() middleware for JSON parsing but lacks proper error handling for parsing failures. When a JSON parsing error occurs, the resulting SyntaxError message includes the original user input, which is then reflected verbatim in the HTTP response body. This reflection of untrusted input without sanitization or encoding creates a vector for reflected XSS attacks. If the server does not strictly enforce the Content-Type header to application/json, an attacker can craft malicious JSON payloads containing HTML or JavaScript code that, when parsed and errored, will be sent back to the client and executed in the victim’s browser context. This can lead to session hijacking, credential theft, or other malicious actions performed in the context of the vulnerable web application. The vulnerability does not require authentication or elevated privileges, but user interaction is necessary to trigger the exploit. As of the publication date, no official patch or fix is available, and no active exploits have been reported. The CVSS 4.0 base score is 5.3 (medium), reflecting the moderate impact and ease of exploitation without privileges but requiring user interaction. The vulnerability highlights the importance of robust error handling and strict content-type enforcement in web applications handling JSON input.

For European organizations, this vulnerability poses a risk primarily to those deploying LibreChat or derivative AI chatbot solutions in customer-facing or internal communication platforms. Successful exploitation could allow attackers to execute arbitrary scripts in users’ browsers, potentially leading to theft of session tokens, user impersonation, or delivery of further malware. This can undermine user trust, lead to data breaches, and cause reputational damage. Sectors such as finance, healthcare, and government, which increasingly adopt AI chatbots for service automation, may face compliance risks under GDPR if personal data is exposed or manipulated. The lack of a patch increases exposure duration, and the medium severity score suggests that while the vulnerability is not critical, it is exploitable over the network without authentication, making it a credible threat. Organizations relying on LibreChat in multi-tenant or public-facing environments are particularly vulnerable to widespread impact.

1. Implement strict Content-Type header enforcement on the server side, ensuring that only application/json requests are accepted and responded to accordingly. 2. Introduce robust error handling middleware to catch JSON parsing errors and return generic error messages without reflecting user input. 3. Sanitize and encode any user input before including it in HTTP responses to prevent script injection. 4. Monitor and restrict user inputs to expected JSON formats, rejecting malformed or suspicious payloads early. 5. Consider deploying Web Application Firewalls (WAFs) with rules to detect and block reflected XSS patterns targeting LibreChat endpoints. 6. Isolate LibreChat deployments from critical internal systems to limit potential lateral movement. 7. Stay updated with the LibreChat project for forthcoming patches and apply them promptly once available. 8. Educate users about the risks of interacting with suspicious chatbot inputs and encourage reporting anomalies.