Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2025-8848
CVE-2025-8848:
Chainguard vulnerability analysis and mitigation
Overview
A vulnerability (CVE-2025-8848) was discovered in danny-avila/librechat version 0.7.9 that allows for HTML injection via the Accept-Language header. The vulnerability was disclosed on October 22, 2025, and affects the web application's response handling mechanism (NVD).
Technical details
The vulnerability allows logged-in users to inject arbitrary HTML into the response tag through a crafted Accept-Language header in HTTP GET requests. The severity is rated as MEDIUM with a CVSS 3.1 base score of 5.4 (Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). The vulnerability is classified under CWE-79 (Cross-site Scripting) and CWE-94 (Code Injection) (NVD).
Impact
When exploited, this vulnerability can lead to potential security risks such as cross-site scripting (XSS) attacks. The impact is characterized by low confidentiality and integrity breaches, with no impact on availability (NVD).
Mitigation and workarounds
Users should upgrade from librechat version 0.7.9 to a patched version when available. No specific workarounds have been publicly disclosed at this time (NVD).
Additional resources
Source: This report was generated using AI
Related Chainguard vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management