What is the CVSS score of CVE-2025-69222?

CVE-2025-69222 has a CVSS 3.1 base score of 9.1 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L. EPSS exploitation probability: 0.2%.

Which versions of Docker are affected by CVE-2025-69222?

Organizations using LibreChat face critical risk from CVE-2025-69222, a server-side request forgery vulnerability rated CVSS 9.1.. A patch is available.

Is there a public PoC exploit available for CVE-2025-69222?

Yes, a public proof-of-concept exploit is available for CVE-2025-69222. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate CVE-2025-69222?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Implement egress filtering and URL validation for server-side requests.

Docker CVE-2025-69222

CRITICAL

Server-Side Request Forgery (SSRF) (CWE-918)

2026-01-07 security-advisories@github.com

Docker SSRF AI / ML Librechat

9.1

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

9.1 CRITICAL

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

Low

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Jan 15, 2026 - 21:36 vuln.today

Public exploit code

Patch released

Jan 15, 2026 - 21:36 nvd

Patch available

CVE Published

Jan 07, 2026 - 22:15 nvd

CRITICAL 9.1

DescriptionGitHub Advisory

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery (SSRF) vulnerability due to missing restrictions of the Actions feature in the default configuration. LibreChat enables users to configure agents with predefined instructions and actions that can interact with remote services via OpenAPI specifications, supporting various HTTP methods, parameters, and authentication methods including custom headers. By default, there are no restrictions on accessible services, which means agents can also access internal components like the RAG API included in the default Docker Compose setup. This issue is fixed in version 0.8.1-rc2.

AnalysisAI

LibreChat 0.8.1-rc2 has SSRF in the Actions feature that allows authenticated users to make the server perform requests to internal networks. By configuring agents with malicious OpenAPI specifications, attackers can scan internal infrastructure and access internal services. PoC available, patch available.

Technical ContextAI

The Actions feature allows configuring agents with OpenAPI specifications that define HTTP endpoints (CWE-918). The server makes requests to these endpoints without validating that they are external. An authenticated user can specify internal IP addresses, accessing cloud metadata services, internal APIs, and other restricted resources.

RemediationAI

Update LibreChat. Implement SSRF protections: block requests to private IP ranges, cloud metadata services, and localhost.

More from same product – last 7 days

CVE-2026-48039 CRITICAL Act Now POC

9.1 Jun 11

Unauthenticated remote attackers can invoke MCP tool handlers and exfiltrate the operator's long-lived Meta Graph API ac

CVE-2026-53753 CRITICAL Act Now

9.8 Jun 16

Unauthenticated remote code execution in Crawl4AI versions <= 0.8.6 allows attackers to escape the AST-based sandbox in

CVE-2026-47172 CRITICAL Act Now

9.5 Jun 11

Privileged GitHub Actions workflow injection in Quest Bot (Discord moderation bot) prior to version 1.0.3 allows remote

CVE-2026-47174 CRITICAL Act Now

9.5 Jun 11

Production deployment compromise in Duck Site before 1.0.1 allows remote attackers to push attacker-controlled code as t

CVE-2026-53755 HIGH This Week

8.6 Jun 16

Server-side request forgery in Crawl4AI's Docker API server (versions <= 0.8.8) allows unauthenticated remote attackers

CVE-2025-69222 vulnerability details – vuln.today

Back