{"data":{"id":"c45d42e6-abe8-4378-a5ca-8abe3eaacc72","title":"CVE-2025-66452: LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, there is no handler for JSON parsing","summary":"LibreChat (a ChatGPT alternative with extra features) versions 0.8.0 and below have a security flaw where JSON parsing errors aren't properly handled, causing user input to appear in error messages. This can expose HTML or JavaScript code in responses, creating an XSS risk (cross-site scripting, where attackers inject malicious code that runs in users' browsers).","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-66452","publishedAt":"2025-12-12T04:15:50.880Z","cveId":"CVE-2025-66452","cweIds":["CWE-79"],"cvssScore":"6.1","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["OpenAI"],"affectedVendorsRaw":["LibreChat"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00052,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-198","CAPEC-86"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}