Search criteria
63 vulnerabilities found for librechat by librechat
FKIE_CVE-2025-66201
Vulnerability from fkie_nvd - Published: 2025-11-29 02:15 - Updated: 2025-12-03 21:49
Severity ?
Summary
LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery (SSRF), by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with access to this feature to access URLs only accessible to the LibreChat server (such as cloud metadata services, through which impersonation of the server might be possible). This issue has been patched in version 0.8.1-rc2.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/danny-avila/LibreChat/security/advisories/GHSA-7m2q-fjwr-5x8v | Exploit, Vendor Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/danny-avila/LibreChat/security/advisories/GHSA-7m2q-fjwr-5x8v | Exploit, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:librechat:librechat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C781B65-3680-4762-9FEB-F404DDA1810C",
"versionEndExcluding": "0.8.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:librechat:librechat:0.8.1:-:*:*:*:*:*:*",
"matchCriteriaId": "98BB9E92-2D0E-4975-A966-734F3858551B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:librechat:librechat:0.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8DAB7F45-699A-4383-ABEA-D4374E58EE95",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery (SSRF), by passing specially crafted OpenAPI specs to its \"Actions\" feature and making the LLM use those actions. It could be used by an authenticated user with access to this feature to access URLs only accessible to the LibreChat server (such as cloud metadata services, through which impersonation of the server might be possible). This issue has been patched in version 0.8.1-rc2."
}
],
"id": "CVE-2025-66201",
"lastModified": "2025-12-03T21:49:38.910",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-11-29T02:15:52.420",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-7m2q-fjwr-5x8v"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-7m2q-fjwr-5x8v"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-8849
Vulnerability from fkie_nvd - Published: 2025-10-31 00:15 - Updated: 2025-11-10 17:14
Severity ?
Summary
LibreChat version 0.7.9 is vulnerable to a Denial of Service (DoS) attack due to unbounded parameter values in the `/api/memories` endpoint. The `key` and `value` parameters accept arbitrarily large inputs without proper validation, leading to a null pointer error in the Rust-based backend when excessively large values are submitted. This results in the inability to create new memories, impacting the stability of the service.
References
| URL | Tags | ||
|---|---|---|---|
| security@huntr.dev | https://github.com/danny-avila/librechat/commit/edf33bedcbb08c33e59df76f06454ed7efd896f9 | Patch | |
| security@huntr.dev | https://huntr.com/bounties/e9d9404c-cd19-4226-a580-9cba14b7d7d6 | Exploit, Mitigation, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:librechat:librechat:0.7.9:-:*:*:*:*:*:*",
"matchCriteriaId": "74A99A2E-023B-4C39-9696-61DA01C9284E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LibreChat version 0.7.9 is vulnerable to a Denial of Service (DoS) attack due to unbounded parameter values in the `/api/memories` endpoint. The `key` and `value` parameters accept arbitrarily large inputs without proper validation, leading to a null pointer error in the Rust-based backend when excessively large values are submitted. This results in the inability to create new memories, impacting the stability of the service."
}
],
"id": "CVE-2025-8849",
"lastModified": "2025-11-10T17:14:43.587",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-10-31T00:15:37.480",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/danny-avila/librechat/commit/edf33bedcbb08c33e59df76f06454ed7efd896f9"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://huntr.com/bounties/e9d9404c-cd19-4226-a580-9cba14b7d7d6"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "security@huntr.dev",
"type": "Primary"
}
]
}
FKIE_CVE-2025-8850
Vulnerability from fkie_nvd - Published: 2025-10-30 20:15 - Updated: 2025-11-19 15:27
Severity ?
Summary
In danny-avila/librechat version 0.7.9, there is an insecure API design issue in the 2-Factor Authentication (2FA) flow. The system allows users to disable 2FA without requiring a valid OTP or backup code, bypassing the intended verification process. This vulnerability occurs because the backend does not properly validate the OTP or backup code when the API endpoint '/api/auth/2fa/disable' is directly accessed. This flaw can be exploited by authenticated users to weaken the security of their own accounts, although it does not lead to full account compromise.
References
| URL | Tags | ||
|---|---|---|---|
| security@huntr.dev | https://github.com/danny-avila/librechat/commit/7e4c8a5d0d2dbe5bf8fd272ff6acafb27d24744f | Patch | |
| security@huntr.dev | https://huntr.com/bounties/8e615709-f4de-41e2-b194-f0d91ed7c75e | Third Party Advisory, Exploit, Patch |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:librechat:librechat:0.7.9:-:*:*:*:*:*:*",
"matchCriteriaId": "74A99A2E-023B-4C39-9696-61DA01C9284E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In danny-avila/librechat version 0.7.9, there is an insecure API design issue in the 2-Factor Authentication (2FA) flow. The system allows users to disable 2FA without requiring a valid OTP or backup code, bypassing the intended verification process. This vulnerability occurs because the backend does not properly validate the OTP or backup code when the API endpoint \u0027/api/auth/2fa/disable\u0027 is directly accessed. This flaw can be exploited by authenticated users to weaken the security of their own accounts, although it does not lead to full account compromise."
}
],
"id": "CVE-2025-8850",
"lastModified": "2025-11-19T15:27:48.057",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-10-30T20:15:39.633",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/danny-avila/librechat/commit/7e4c8a5d0d2dbe5bf8fd272ff6acafb27d24744f"
},
{
"source": "security@huntr.dev",
"tags": [
"Third Party Advisory",
"Exploit",
"Patch"
],
"url": "https://huntr.com/bounties/8e615709-f4de-41e2-b194-f0d91ed7c75e"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-440"
}
],
"source": "security@huntr.dev",
"type": "Primary"
}
]
}
FKIE_CVE-2025-8848
Vulnerability from fkie_nvd - Published: 2025-10-22 14:15 - Updated: 2025-10-30 17:34
Severity ?
Summary
A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the <html lang=""> tag of the response. This can lead to potential security risks such as cross-site scripting (XSS) attacks.
References
| URL | Tags | ||
|---|---|---|---|
| security@huntr.dev | https://huntr.com/bounties/a05ebc1f-882a-4adc-b178-d3cefa4b730e | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:librechat:librechat:0.7.9:-:*:*:*:*:*:*",
"matchCriteriaId": "74A99A2E-023B-4C39-9696-61DA01C9284E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the \u003chtml lang=\"\"\u003e tag of the response. This can lead to potential security risks such as cross-site scripting (XSS) attacks."
}
],
"id": "CVE-2025-8848",
"lastModified": "2025-10-30T17:34:52.680",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-10-22T14:15:52.393",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.com/bounties/a05ebc1f-882a-4adc-b178-d3cefa4b730e"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "security@huntr.dev",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-7104
Vulnerability from fkie_nvd - Published: 2025-09-29 17:15 - Updated: 2025-10-16 16:45
Severity ?
Summary
A mass assignment vulnerability exists in danny-avila/librechat, affecting all versions. This vulnerability allows attackers to manipulate sensitive fields by automatically binding user-provided data to internal object properties or database fields without proper filtering. As a result, any extra fields in the request body are included in agentData and passed to the database layer, allowing overwriting of any field in the schema, such as author, access_level, isCollaborative, and projectIds. Additionally, the Object.Prototype can be polluted due to the use of Object.assign with spread operators.
References
| URL | Tags | ||
|---|---|---|---|
| security@huntr.dev | https://github.com/danny-avila/librechat/commit/a37bf6719cfbc2de270f7d87b6b85d87cc1768db | Patch | |
| security@huntr.dev | https://huntr.com/bounties/32a175c4-7543-4503-a3d0-7880abd1826b | Exploit, Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:librechat:librechat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A71E951B-BD00-4918-907F-B1F68779D8B7",
"versionEndExcluding": "0.7.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A mass assignment vulnerability exists in danny-avila/librechat, affecting all versions. This vulnerability allows attackers to manipulate sensitive fields by automatically binding user-provided data to internal object properties or database fields without proper filtering. As a result, any extra fields in the request body are included in agentData and passed to the database layer, allowing overwriting of any field in the schema, such as author, access_level, isCollaborative, and projectIds. Additionally, the Object.Prototype can be polluted due to the use of Object.assign with spread operators."
}
],
"id": "CVE-2025-7104",
"lastModified": "2025-10-16T16:45:42.937",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-09-29T17:15:32.927",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/danny-avila/librechat/commit/a37bf6719cfbc2de270f7d87b6b85d87cc1768db"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.com/bounties/32a175c4-7543-4503-a3d0-7880abd1826b"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-915"
}
],
"source": "security@huntr.dev",
"type": "Primary"
}
]
}
FKIE_CVE-2025-7106
Vulnerability from fkie_nvd - Published: 2025-09-23 10:15 - Updated: 2025-10-20 19:00
Severity ?
Summary
danny-avila/librechat is affected by an authorization bypass vulnerability due to improper access control checks. The `checkAccess` function in `api/server/middleware/roles/access.js` uses `permissions.some()` to validate permissions, which incorrectly grants access if only one of multiple required permissions is present. This allows users with the 'USER' role to create agents despite having `CREATE: false` permission, as the check for `['USE', 'CREATE']` passes with just `USE: true`. This vulnerability affects other permission checks as well, such as `PROMPTS`. The issue is present in all versions prior to the fix.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:librechat:librechat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A71E951B-BD00-4918-907F-B1F68779D8B7",
"versionEndExcluding": "0.7.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "danny-avila/librechat is affected by an authorization bypass vulnerability due to improper access control checks. The `checkAccess` function in `api/server/middleware/roles/access.js` uses `permissions.some()` to validate permissions, which incorrectly grants access if only one of multiple required permissions is present. This allows users with the \u0027USER\u0027 role to create agents despite having `CREATE: false` permission, as the check for `[\u0027USE\u0027, \u0027CREATE\u0027]` passes with just `USE: true`. This vulnerability affects other permission checks as well, such as `PROMPTS`. The issue is present in all versions prior to the fix."
}
],
"id": "CVE-2025-7106",
"lastModified": "2025-10-20T19:00:25.837",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-09-23T10:15:34.947",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/danny-avila/librechat/commit/91a2df47599c09d80886bfc28e0ccf1debd42110"
},
{
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.com/bounties/7de2765b-d1fe-4495-9144-220070857c48"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "security@huntr.dev",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-6088
Vulnerability from fkie_nvd - Published: 2025-09-11 01:15 - Updated: 2025-10-16 16:00
Severity ?
Summary
In version 0.7.8 of danny-avila/librechat, improper authorization controls in the conversation sharing feature allow unauthorized access to other users' conversations if the conversation ID is known. Although UUIDv4 conversation IDs are generated server-side and are difficult to brute force, they can be obtained from less-protected sources such as server-side access logs, browser history, or screenshots. The vulnerability permits a logged-in user to gain read-only access to another user's conversations by exploiting the `/api/share/conversationID` endpoint, which lacks authorization checks. This issue is resolved in version v0.7.9-rc1.
References
| URL | Tags | ||
|---|---|---|---|
| security@huntr.dev | https://github.com/danny-avila/librechat/commit/3af2666890bbf291cb7b9f3e03592d54714f0ff5 | Patch | |
| security@huntr.dev | https://huntr.com/bounties/361405bb-a739-41eb-a680-4cb6193e7c76 | Exploit, Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:librechat:librechat:0.7.8:-:*:*:*:*:*:*",
"matchCriteriaId": "9320858D-D92D-4B8F-A7D2-01047C3D18FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:librechat:librechat:0.7.8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6175F0DD-C12D-45AB-9B26-1161E6B5C607",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In version 0.7.8 of danny-avila/librechat, improper authorization controls in the conversation sharing feature allow unauthorized access to other users\u0027 conversations if the conversation ID is known. Although UUIDv4 conversation IDs are generated server-side and are difficult to brute force, they can be obtained from less-protected sources such as server-side access logs, browser history, or screenshots. The vulnerability permits a logged-in user to gain read-only access to another user\u0027s conversations by exploiting the `/api/share/conversationID` endpoint, which lacks authorization checks. This issue is resolved in version v0.7.9-rc1."
}
],
"id": "CVE-2025-6088",
"lastModified": "2025-10-16T16:00:19.400",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 2.5,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-09-11T01:15:34.200",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/danny-avila/librechat/commit/3af2666890bbf291cb7b9f3e03592d54714f0ff5"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.com/bounties/361405bb-a739-41eb-a680-4cb6193e7c76"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "security@huntr.dev",
"type": "Primary"
}
]
}
FKIE_CVE-2025-54868
Vulnerability from fkie_nvd - Published: 2025-08-05 05:15 - Updated: 2025-08-26 13:41
Severity ?
Summary
LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint allows reading arbitrary chats directly from the Meilisearch engine. The endpoint /api/search/test allows for direct access to stored chats in the Meilisearch engine without proper access control. This results in the ability to read chats from arbitrary users. This issue is fixed in version 0.7.7.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:librechat:librechat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D925D67A-5172-445D-9B0D-BB489565BB73",
"versionEndExcluding": "0.7.8",
"versionStartIncluding": "0.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint allows reading arbitrary chats directly from the Meilisearch engine. The endpoint /api/search/test allows for direct access to stored chats in the Meilisearch engine without proper access control. This results in the ability to read chats from arbitrary users. This issue is fixed in version 0.7.7."
},
{
"lang": "es",
"value": "LibreChat es un clon de ChatGPT con funciones adicionales. En las versiones 0.0.6 a 0.7.7-rc1, un endpoint de pruebas expuesto permite leer chats arbitrarios directamente desde el motor de b\u00fasqueda Meilisearch. El endpoint /api/search/test permite el acceso directo a los chats almacenados en el motor de b\u00fasqueda Meilisearch sin un control de acceso adecuado. Esto permite leer chats de usuarios arbitrarios. Este problema se solucion\u00f3 en la versi\u00f3n 0.7.7."
}
],
"id": "CVE-2025-54868",
"lastModified": "2025-08-26T13:41:36.950",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-08-05T05:15:37.950",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/danny-avila/LibreChat/commit/0e8041bcac616949c42a68dfb8f108ccc4db5151"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-p5j8-m4wh-ffmw"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2024-12580
Vulnerability from fkie_nvd - Published: 2025-03-20 10:15 - Updated: 2025-07-14 17:56
Severity ?
Summary
A vulnerability in danny-avila/librechat prior to version 0.7.6 allows for logs debug injection. The parameters sessionId, fileId, userId, and file_id in the /code/download/:sessionId/:fileId and /download/:userId/:file_id APIs are not validated or filtered, leading to potential log injection attacks. This can cause distortion of monitoring and investigation information, evade detection from security systems, and create difficulties in maintenance and operation.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:librechat:librechat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E179B3DF-58FF-4973-9462-0DACCC77DC7A",
"versionEndExcluding": "0.7.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in danny-avila/librechat prior to version 0.7.6 allows for logs debug injection. The parameters sessionId, fileId, userId, and file_id in the /code/download/:sessionId/:fileId and /download/:userId/:file_id APIs are not validated or filtered, leading to potential log injection attacks. This can cause distortion of monitoring and investigation information, evade detection from security systems, and create difficulties in maintenance and operation."
},
{
"lang": "es",
"value": "Una vulnerabilidad en danny-avila/librechat anterior a la versi\u00f3n 0.7.6 permite la inyecci\u00f3n de registros de depuraci\u00f3n. Los par\u00e1metros sessionId, fileId, userId y file_id de las API /code/download/:sessionId/:fileId y /download/:userId/:file_id no est\u00e1n validados ni filtrados, lo que puede provocar ataques de inyecci\u00f3n de registros. Esto puede distorsionar la informaci\u00f3n de monitorizaci\u00f3n e investigaci\u00f3n, evadir la detecci\u00f3n de los sistemas de seguridad y dificultar el mantenimiento y la operaci\u00f3n."
}
],
"id": "CVE-2024-12580",
"lastModified": "2025-07-14T17:56:24.377",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-03-20T10:15:29.263",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/danny-avila/librechat/commit/95d6bd2c2db4a09b308be2b96e3d5fd522c7b72a"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.com/bounties/6e477667-dcd4-42c2-b342-a6ce09ffdeeb"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-117"
}
],
"source": "security@huntr.dev",
"type": "Primary"
}
]
}
FKIE_CVE-2024-11173
Vulnerability from fkie_nvd - Published: 2025-03-20 10:15 - Updated: 2025-07-15 16:03
Severity ?
Summary
An unhandled exception in the danny-avila/librechat repository, version git 600d217, can cause the server to crash, leading to a full denial of service. This issue occurs when certain API endpoints receive malformed input, resulting in an uncaught exception. Although a valid JWT is required to exploit this vulnerability, LibreChat allows open registration, enabling unauthenticated attackers to create an account and perform the attack. The issue is fixed in version 0.7.6.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:librechat:librechat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E179B3DF-58FF-4973-9462-0DACCC77DC7A",
"versionEndExcluding": "0.7.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unhandled exception in the danny-avila/librechat repository, version git 600d217, can cause the server to crash, leading to a full denial of service. This issue occurs when certain API endpoints receive malformed input, resulting in an uncaught exception. Although a valid JWT is required to exploit this vulnerability, LibreChat allows open registration, enabling unauthenticated attackers to create an account and perform the attack. The issue is fixed in version 0.7.6."
},
{
"lang": "es",
"value": "Una excepci\u00f3n no controlada en el repositorio danny-avila/librechat, versi\u00f3n git 600d217, puede provocar un fallo del servidor, lo que resulta en una denegaci\u00f3n de servicio total. Este problema ocurre cuando ciertos endpoints de la API reciben una entrada mal formada, lo que resulta en una excepci\u00f3n no detectada. Aunque se requiere un JWT v\u00e1lido para explotar esta vulnerabilidad, LibreChat permite el registro abierto, lo que permite a atacantes no autenticados crear una cuenta y ejecutar el ataque. El problema est\u00e1 corregido en la versi\u00f3n 0.7.6."
}
],
"id": "CVE-2024-11173",
"lastModified": "2025-07-15T16:03:30.350",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@huntr.dev",
"type": "Secondary"
}
]
},
"published": "2025-03-20T10:15:24.663",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/danny-avila/librechat/commit/95a212534f1c5991bd1231a34ac3668b4b592cc3"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.com/bounties/4cebf926-c17f-4836-868b-e1de86221cec"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-248"
}
],
"source": "security@huntr.dev",
"type": "Primary"
}
]
}
FKIE_CVE-2024-11169
Vulnerability from fkie_nvd - Published: 2025-03-20 10:15 - Updated: 2025-07-15 16:45
Severity ?
Summary
An unhandled exception in danny-avila/librechat version 3c94ff2 can lead to a server crash. The issue occurs when the fs module throws an exception while handling file uploads. An unauthenticated user can trigger this exception by sending a specially crafted request, causing the server to crash. The vulnerability is fixed in version 0.7.6.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:librechat:librechat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E179B3DF-58FF-4973-9462-0DACCC77DC7A",
"versionEndExcluding": "0.7.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unhandled exception in danny-avila/librechat version 3c94ff2 can lead to a server crash. The issue occurs when the fs module throws an exception while handling file uploads. An unauthenticated user can trigger this exception by sending a specially crafted request, causing the server to crash. The vulnerability is fixed in version 0.7.6."
},
{
"lang": "es",
"value": "Una excepci\u00f3n no controlada en la versi\u00f3n 3c94ff2 de danny-avila/librechat puede provocar un fallo del servidor. El problema ocurre cuando el m\u00f3dulo fs lanza una excepci\u00f3n al gestionar la carga de archivos. Un usuario no autenticado puede activar esta excepci\u00f3n enviando una solicitud especialmente manipulada, lo que provoca el fallo del servidor. La vulnerabilidad est\u00e1 corregida en la versi\u00f3n 0.7.6."
}
],
"id": "CVE-2024-11169",
"lastModified": "2025-07-15T16:45:29.420",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security@huntr.dev",
"type": "Secondary"
}
]
},
"published": "2025-03-20T10:15:24.210",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/danny-avila/librechat/commit/629be5c0ca2b332178524b4e3f6fac715aea8cc4"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.com/bounties/754e1649-5612-4ba9-a533-06b46de5c4b5"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-115"
}
],
"source": "security@huntr.dev",
"type": "Primary"
}
]
}
FKIE_CVE-2024-11171
Vulnerability from fkie_nvd - Published: 2025-03-20 10:15 - Updated: 2025-10-15 13:15
Severity ?
Summary
In danny-avila/librechat version git 0c2a583, there is an improper input validation vulnerability. The application uses multer middleware for handling multipart file uploads. When using in-memory storage (the default setting for multer), there is no limit on the upload file size. This can lead to a server crash due to out-of-memory errors when handling large files. An attacker without any privileges can exploit this vulnerability to cause a complete denial of service. The issue is fixed in version 0.7.6.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:librechat:librechat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E179B3DF-58FF-4973-9462-0DACCC77DC7A",
"versionEndExcluding": "0.7.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In danny-avila/librechat version git 0c2a583, there is an improper input validation vulnerability. The application uses multer middleware for handling multipart file uploads. When using in-memory storage (the default setting for multer), there is no limit on the upload file size. This can lead to a server crash due to out-of-memory errors when handling large files. An attacker without any privileges can exploit this vulnerability to cause a complete denial of service. The issue is fixed in version 0.7.6."
},
{
"lang": "es",
"value": "En la versi\u00f3n git 0c2a583 de danny-avila/librechat, existe una vulnerabilidad de validaci\u00f3n de entrada incorrecta. La aplicaci\u00f3n utiliza el middleware multer para gestionar la carga de archivos multiparte. Al usar almacenamiento en memoria (configuraci\u00f3n predeterminada de multer), no hay l\u00edmite de tama\u00f1o para los archivos de carga. Esto puede provocar un fallo del servidor debido a errores de memoria insuficiente al gestionar archivos grandes. Un atacante sin privilegios puede explotar esta vulnerabilidad para provocar una denegaci\u00f3n de servicio completa. El problema se ha corregido en la versi\u00f3n 0.7.6."
}
],
"id": "CVE-2024-11171",
"lastModified": "2025-10-15T13:15:38.923",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security@huntr.dev",
"type": "Secondary"
}
]
},
"published": "2025-03-20T10:15:24.437",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/danny-avila/librechat/commit/bb58a2d0662ef86dc75a9d2f6560125c018e3836"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.com/bounties/91717a5a-d653-4e35-b186-9e8d00aa4285"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "security@huntr.dev",
"type": "Primary"
}
]
}
FKIE_CVE-2024-11172
Vulnerability from fkie_nvd - Published: 2025-03-20 10:15 - Updated: 2025-10-15 13:15
Severity ?
Summary
A vulnerability in danny-avila/librechat version git a1647d7 allows an unauthenticated attacker to cause a denial of service by sending a crafted payload to the server. The middleware `checkBan` is not surrounded by a try-catch block, and an unhandled exception will cause the server to crash. This issue is fixed in version 0.7.6.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:librechat:librechat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E179B3DF-58FF-4973-9462-0DACCC77DC7A",
"versionEndExcluding": "0.7.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in danny-avila/librechat version git a1647d7 allows an unauthenticated attacker to cause a denial of service by sending a crafted payload to the server. The middleware `checkBan` is not surrounded by a try-catch block, and an unhandled exception will cause the server to crash. This issue is fixed in version 0.7.6."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la versi\u00f3n git a1647d7 de danny-avila/librechat permite a un atacante no autenticado provocar una denegaci\u00f3n de servicio mediante el env\u00edo de un payload manipulado al servidor. El middleware `checkBan` no est\u00e1 rodeado por un bloque try-catch, y una excepci\u00f3n no controlada provocar\u00e1 el bloqueo del servidor. Este problema se ha corregido en la versi\u00f3n 0.7.6."
}
],
"id": "CVE-2024-11172",
"lastModified": "2025-10-15T13:15:39.100",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security@huntr.dev",
"type": "Secondary"
}
]
},
"published": "2025-03-20T10:15:24.550",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/danny-avila/librechat/commit/976784c01fa4cce00d4c2941801d56aed375c21b"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.com/bounties/c76a7ee3-2e26-45a0-8940-21c749592105"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-248"
}
],
"source": "security@huntr.dev",
"type": "Primary"
}
]
}
FKIE_CVE-2024-11167
Vulnerability from fkie_nvd - Published: 2025-03-20 10:15 - Updated: 2025-07-15 11:15
Severity ?
Summary
An improper access control vulnerability in danny-avila/librechat versions prior to 0.7.6 allows authenticated users to delete other users' prompts via the groupid parameter. This issue occurs because the endpoint does not verify whether the provided prompt ID belongs to the current user.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:librechat:librechat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E179B3DF-58FF-4973-9462-0DACCC77DC7A",
"versionEndExcluding": "0.7.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in danny-avila/librechat versions prior to 0.7.6 allows authenticated users to delete other users\u0027 prompts via the groupid parameter. This issue occurs because the endpoint does not verify whether the provided prompt ID belongs to the current user."
},
{
"lang": "es",
"value": "Una vulnerabilidad de control de acceso indebido en versiones de danny-avila/librechat anteriores a la 0.7.6 permite a los usuarios autenticados eliminar las solicitudes de otros usuarios mediante el par\u00e1metro groupid. Este problema se produce porque el endpoint no verifica si el ID de solicitud proporcionado pertenece al usuario actual."
}
],
"id": "CVE-2024-11167",
"lastModified": "2025-07-15T11:15:24.140",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.5,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-03-20T10:15:24.097",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/danny-avila/librechat/commit/5071bdbf9ac621165f0e8d009818851f3951eee7"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.com/bounties/298f5760-5797-4432-8b9e-544609d612c0"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "security@huntr.dev",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
CVE-2025-66201 (GCVE-0-2025-66201)
Vulnerability from cvelistv5 – Published: 2025-11-29 01:26 – Updated: 2025-12-01 14:11
VLAI?
Summary
LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery (SSRF), by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with access to this feature to access URLs only accessible to the LibreChat server (such as cloud metadata services, through which impersonation of the server might be possible). This issue has been patched in version 0.8.1-rc2.
Severity ?
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| danny-avila | LibreChat |
Affected:
< 0.8.1-rc2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66201",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T13:53:40.240228Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T14:11:07.641Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-7m2q-fjwr-5x8v"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LibreChat",
"vendor": "danny-avila",
"versions": [
{
"status": "affected",
"version": "\u003c 0.8.1-rc2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery (SSRF), by passing specially crafted OpenAPI specs to its \"Actions\" feature and making the LLM use those actions. It could be used by an authenticated user with access to this feature to access URLs only accessible to the LibreChat server (such as cloud metadata services, through which impersonation of the server might be possible). This issue has been patched in version 0.8.1-rc2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-29T01:26:18.757Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-7m2q-fjwr-5x8v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-7m2q-fjwr-5x8v"
}
],
"source": {
"advisory": "GHSA-7m2q-fjwr-5x8v",
"discovery": "UNKNOWN"
},
"title": "LibreChat is Vulnerable to Server-Side Request Forgery (SSRF) in Actions Capability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66201",
"datePublished": "2025-11-29T01:26:18.757Z",
"dateReserved": "2025-11-24T23:01:29.676Z",
"dateUpdated": "2025-12-01T14:11:07.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8849 (GCVE-0-2025-8849)
Vulnerability from cvelistv5 – Published: 2025-10-30 23:42 – Updated: 2025-10-31 15:09
VLAI?
Summary
LibreChat version 0.7.9 is vulnerable to a Denial of Service (DoS) attack due to unbounded parameter values in the `/api/memories` endpoint. The `key` and `value` parameters accept arbitrarily large inputs without proper validation, leading to a null pointer error in the Rust-based backend when excessively large values are submitted. This results in the inability to create new memories, impacting the stability of the service.
Severity ?
5.4 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| danny-avila | danny-avila/librechat |
Affected:
unspecified , < v0.8.0-rc2
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8849",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-31T14:59:52.273037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T15:09:34.057Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "danny-avila/librechat",
"vendor": "danny-avila",
"versions": [
{
"lessThan": "v0.8.0-rc2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreChat version 0.7.9 is vulnerable to a Denial of Service (DoS) attack due to unbounded parameter values in the `/api/memories` endpoint. The `key` and `value` parameters accept arbitrarily large inputs without proper validation, leading to a null pointer error in the Rust-based backend when excessively large values are submitted. This results in the inability to create new memories, impacting the stability of the service."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T23:42:41.552Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/e9d9404c-cd19-4226-a580-9cba14b7d7d6"
},
{
"url": "https://github.com/danny-avila/librechat/commit/edf33bedcbb08c33e59df76f06454ed7efd896f9"
}
],
"source": {
"advisory": "e9d9404c-cd19-4226-a580-9cba14b7d7d6",
"discovery": "EXTERNAL"
},
"title": "Denial of Service in danny-avila/librechat"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2025-8849",
"datePublished": "2025-10-30T23:42:41.552Z",
"dateReserved": "2025-08-10T18:16:35.321Z",
"dateUpdated": "2025-10-31T15:09:34.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8850 (GCVE-0-2025-8850)
Vulnerability from cvelistv5 – Published: 2025-10-30 19:59 – Updated: 2025-11-05 14:57
VLAI?
Summary
In danny-avila/librechat version 0.7.9, there is an insecure API design issue in the 2-Factor Authentication (2FA) flow. The system allows users to disable 2FA without requiring a valid OTP or backup code, bypassing the intended verification process. This vulnerability occurs because the backend does not properly validate the OTP or backup code when the API endpoint '/api/auth/2fa/disable' is directly accessed. This flaw can be exploited by authenticated users to weaken the security of their own accounts, although it does not lead to full account compromise.
Severity ?
CWE
- CWE-440 - Expected Behavior Violation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| danny-avila | danny-avila/librechat |
Affected:
unspecified , < v0.8.0-rc2
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8850",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-05T14:57:10.072224Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-05T14:57:26.783Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "danny-avila/librechat",
"vendor": "danny-avila",
"versions": [
{
"lessThan": "v0.8.0-rc2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In danny-avila/librechat version 0.7.9, there is an insecure API design issue in the 2-Factor Authentication (2FA) flow. The system allows users to disable 2FA without requiring a valid OTP or backup code, bypassing the intended verification process. This vulnerability occurs because the backend does not properly validate the OTP or backup code when the API endpoint \u0027/api/auth/2fa/disable\u0027 is directly accessed. This flaw can be exploited by authenticated users to weaken the security of their own accounts, although it does not lead to full account compromise."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-440",
"description": "CWE-440 Expected Behavior Violation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T19:59:36.327Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/8e615709-f4de-41e2-b194-f0d91ed7c75e"
},
{
"url": "https://github.com/danny-avila/librechat/commit/7e4c8a5d0d2dbe5bf8fd272ff6acafb27d24744f"
}
],
"source": {
"advisory": "8e615709-f4de-41e2-b194-f0d91ed7c75e",
"discovery": "EXTERNAL"
},
"title": "Insecure API Design in danny-avila/librechat"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2025-8850",
"datePublished": "2025-10-30T19:59:36.327Z",
"dateReserved": "2025-08-10T19:01:03.291Z",
"dateUpdated": "2025-11-05T14:57:26.783Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8848 (GCVE-0-2025-8848)
Vulnerability from cvelistv5 – Published: 2025-10-22 13:54 – Updated: 2025-10-30 18:22
VLAI?
Summary
A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the <html lang=""> tag of the response. This can lead to potential security risks such as cross-site scripting (XSS) attacks.
Severity ?
4.8 (Medium)
CWE
- CWE-94 - Improper Control of Generation of Code
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| danny-avila | danny-avila/librechat |
Affected:
unspecified , ≤ latest
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8848",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T18:22:29.814728Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T18:22:51.121Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "danny-avila/librechat",
"vendor": "danny-avila",
"versions": [
{
"lessThanOrEqual": "latest",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the \u003chtml lang=\"\"\u003e tag of the response. This can lead to potential security risks such as cross-site scripting (XSS) attacks."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:54:00.389Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/a05ebc1f-882a-4adc-b178-d3cefa4b730e"
}
],
"source": {
"advisory": "a05ebc1f-882a-4adc-b178-d3cefa4b730e",
"discovery": "EXTERNAL"
},
"title": "HTML Injection in Accept-Language Header in danny-avila/librechat"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2025-8848",
"datePublished": "2025-10-22T13:54:00.389Z",
"dateReserved": "2025-08-10T18:16:29.790Z",
"dateUpdated": "2025-10-30T18:22:51.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7104 (GCVE-0-2025-7104)
Vulnerability from cvelistv5 – Published: 2025-09-29 17:10 – Updated: 2025-10-15 16:08
VLAI?
Summary
A mass assignment vulnerability exists in danny-avila/librechat, affecting all versions. This vulnerability allows attackers to manipulate sensitive fields by automatically binding user-provided data to internal object properties or database fields without proper filtering. As a result, any extra fields in the request body are included in agentData and passed to the database layer, allowing overwriting of any field in the schema, such as author, access_level, isCollaborative, and projectIds. Additionally, the Object.Prototype can be polluted due to the use of Object.assign with spread operators.
Severity ?
4.3 (Medium)
CWE
- CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| danny-avila | danny-avila/librechat |
Affected:
unspecified , < v0.7.9
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7104",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-15T16:08:26.597585Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T16:08:39.319Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "danny-avila/librechat",
"vendor": "danny-avila",
"versions": [
{
"lessThan": "v0.7.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A mass assignment vulnerability exists in danny-avila/librechat, affecting all versions. This vulnerability allows attackers to manipulate sensitive fields by automatically binding user-provided data to internal object properties or database fields without proper filtering. As a result, any extra fields in the request body are included in agentData and passed to the database layer, allowing overwriting of any field in the schema, such as author, access_level, isCollaborative, and projectIds. Additionally, the Object.Prototype can be polluted due to the use of Object.assign with spread operators."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-915",
"description": "CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T17:10:59.630Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/32a175c4-7543-4503-a3d0-7880abd1826b"
},
{
"url": "https://github.com/danny-avila/librechat/commit/a37bf6719cfbc2de270f7d87b6b85d87cc1768db"
}
],
"source": {
"advisory": "32a175c4-7543-4503-a3d0-7880abd1826b",
"discovery": "EXTERNAL"
},
"title": "Mass Assignment in danny-avila/librechat"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2025-7104",
"datePublished": "2025-09-29T17:10:59.630Z",
"dateReserved": "2025-07-05T18:30:20.348Z",
"dateUpdated": "2025-10-15T16:08:39.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7106 (GCVE-0-2025-7106)
Vulnerability from cvelistv5 – Published: 2025-09-23 09:54 – Updated: 2025-09-23 19:29
VLAI?
Summary
danny-avila/librechat is affected by an authorization bypass vulnerability due to improper access control checks. The `checkAccess` function in `api/server/middleware/roles/access.js` uses `permissions.some()` to validate permissions, which incorrectly grants access if only one of multiple required permissions is present. This allows users with the 'USER' role to create agents despite having `CREATE: false` permission, as the check for `['USE', 'CREATE']` passes with just `USE: true`. This vulnerability affects other permission checks as well, such as `PROMPTS`. The issue is present in all versions prior to the fix.
Severity ?
5.3 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| danny-avila | danny-avila/librechat |
Affected:
unspecified , < v0.7.9
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7106",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T19:29:40.670533Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T19:29:47.785Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "danny-avila/librechat",
"vendor": "danny-avila",
"versions": [
{
"lessThan": "v0.7.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "danny-avila/librechat is affected by an authorization bypass vulnerability due to improper access control checks. The `checkAccess` function in `api/server/middleware/roles/access.js` uses `permissions.some()` to validate permissions, which incorrectly grants access if only one of multiple required permissions is present. This allows users with the \u0027USER\u0027 role to create agents despite having `CREATE: false` permission, as the check for `[\u0027USE\u0027, \u0027CREATE\u0027]` passes with just `USE: true`. This vulnerability affects other permission checks as well, such as `PROMPTS`. The issue is present in all versions prior to the fix."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T09:54:33.716Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/7de2765b-d1fe-4495-9144-220070857c48"
},
{
"url": "https://github.com/danny-avila/librechat/commit/91a2df47599c09d80886bfc28e0ccf1debd42110"
}
],
"source": {
"advisory": "7de2765b-d1fe-4495-9144-220070857c48",
"discovery": "EXTERNAL"
},
"title": "Authorization Bypass due to Incorrect Access Control in danny-avila/librechat"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2025-7106",
"datePublished": "2025-09-23T09:54:33.716Z",
"dateReserved": "2025-07-05T19:01:51.636Z",
"dateUpdated": "2025-09-23T19:29:47.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6088 (GCVE-0-2025-6088)
Vulnerability from cvelistv5 – Published: 2025-09-11 00:43 – Updated: 2025-09-11 14:42
VLAI?
Summary
In version 0.7.8 of danny-avila/librechat, improper authorization controls in the conversation sharing feature allow unauthorized access to other users' conversations if the conversation ID is known. Although UUIDv4 conversation IDs are generated server-side and are difficult to brute force, they can be obtained from less-protected sources such as server-side access logs, browser history, or screenshots. The vulnerability permits a logged-in user to gain read-only access to another user's conversations by exploiting the `/api/share/conversationID` endpoint, which lacks authorization checks. This issue is resolved in version v0.7.9-rc1.
Severity ?
4.2 (Medium)
CWE
- CWE-285 - Improper Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| danny-avila | danny-avila/librechat |
Affected:
unspecified , < v0.7.9-rc1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6088",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-11T14:26:31.565500Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-11T14:42:34.879Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "danny-avila/librechat",
"vendor": "danny-avila",
"versions": [
{
"lessThan": "v0.7.9-rc1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In version 0.7.8 of danny-avila/librechat, improper authorization controls in the conversation sharing feature allow unauthorized access to other users\u0027 conversations if the conversation ID is known. Although UUIDv4 conversation IDs are generated server-side and are difficult to brute force, they can be obtained from less-protected sources such as server-side access logs, browser history, or screenshots. The vulnerability permits a logged-in user to gain read-only access to another user\u0027s conversations by exploiting the `/api/share/conversationID` endpoint, which lacks authorization checks. This issue is resolved in version v0.7.9-rc1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-11T00:43:51.699Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/361405bb-a739-41eb-a680-4cb6193e7c76"
},
{
"url": "https://github.com/danny-avila/librechat/commit/3af2666890bbf291cb7b9f3e03592d54714f0ff5"
}
],
"source": {
"advisory": "361405bb-a739-41eb-a680-4cb6193e7c76",
"discovery": "EXTERNAL"
},
"title": "Improper Authorization in danny-avila/librechat"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2025-6088",
"datePublished": "2025-09-11T00:43:51.699Z",
"dateReserved": "2025-06-14T15:10:06.244Z",
"dateUpdated": "2025-09-11T14:42:34.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54868 (GCVE-0-2025-54868)
Vulnerability from cvelistv5 – Published: 2025-08-05 04:53 – Updated: 2025-08-05 16:19
VLAI?
Summary
LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint allows reading arbitrary chats directly from the Meilisearch engine. The endpoint /api/search/test allows for direct access to stored chats in the Meilisearch engine without proper access control. This results in the ability to read chats from arbitrary users. This issue is fixed in version 0.7.7.
Severity ?
7.5 (High)
CWE
- CWE-285 - Improper Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| danny-avila | LibreChat |
Affected:
>= 0.0.6, < 0.7.7
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54868",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T16:18:52.997600Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T16:19:02.005Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LibreChat",
"vendor": "danny-avila",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.0.6, \u003c 0.7.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint allows reading arbitrary chats directly from the Meilisearch engine. The endpoint /api/search/test allows for direct access to stored chats in the Meilisearch engine without proper access control. This results in the ability to read chats from arbitrary users. This issue is fixed in version 0.7.7."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T04:53:08.166Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-p5j8-m4wh-ffmw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-p5j8-m4wh-ffmw"
},
{
"name": "https://github.com/danny-avila/LibreChat/commit/0e8041bcac616949c42a68dfb8f108ccc4db5151",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/danny-avila/LibreChat/commit/0e8041bcac616949c42a68dfb8f108ccc4db5151"
}
],
"source": {
"advisory": "GHSA-p5j8-m4wh-ffmw",
"discovery": "UNKNOWN"
},
"title": "LibreChat exposes arbitrary chats through Meilisearch engine"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54868",
"datePublished": "2025-08-05T04:53:08.166Z",
"dateReserved": "2025-07-31T17:23:33.472Z",
"dateUpdated": "2025-08-05T16:19:02.005Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-66201 (GCVE-0-2025-66201)
Vulnerability from nvd – Published: 2025-11-29 01:26 – Updated: 2025-12-01 14:11
VLAI?
Summary
LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery (SSRF), by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with access to this feature to access URLs only accessible to the LibreChat server (such as cloud metadata services, through which impersonation of the server might be possible). This issue has been patched in version 0.8.1-rc2.
Severity ?
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| danny-avila | LibreChat |
Affected:
< 0.8.1-rc2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66201",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T13:53:40.240228Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T14:11:07.641Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-7m2q-fjwr-5x8v"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LibreChat",
"vendor": "danny-avila",
"versions": [
{
"status": "affected",
"version": "\u003c 0.8.1-rc2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery (SSRF), by passing specially crafted OpenAPI specs to its \"Actions\" feature and making the LLM use those actions. It could be used by an authenticated user with access to this feature to access URLs only accessible to the LibreChat server (such as cloud metadata services, through which impersonation of the server might be possible). This issue has been patched in version 0.8.1-rc2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-29T01:26:18.757Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-7m2q-fjwr-5x8v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-7m2q-fjwr-5x8v"
}
],
"source": {
"advisory": "GHSA-7m2q-fjwr-5x8v",
"discovery": "UNKNOWN"
},
"title": "LibreChat is Vulnerable to Server-Side Request Forgery (SSRF) in Actions Capability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66201",
"datePublished": "2025-11-29T01:26:18.757Z",
"dateReserved": "2025-11-24T23:01:29.676Z",
"dateUpdated": "2025-12-01T14:11:07.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8849 (GCVE-0-2025-8849)
Vulnerability from nvd – Published: 2025-10-30 23:42 – Updated: 2025-10-31 15:09
VLAI?
Summary
LibreChat version 0.7.9 is vulnerable to a Denial of Service (DoS) attack due to unbounded parameter values in the `/api/memories` endpoint. The `key` and `value` parameters accept arbitrarily large inputs without proper validation, leading to a null pointer error in the Rust-based backend when excessively large values are submitted. This results in the inability to create new memories, impacting the stability of the service.
Severity ?
5.4 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| danny-avila | danny-avila/librechat |
Affected:
unspecified , < v0.8.0-rc2
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8849",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-31T14:59:52.273037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T15:09:34.057Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "danny-avila/librechat",
"vendor": "danny-avila",
"versions": [
{
"lessThan": "v0.8.0-rc2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreChat version 0.7.9 is vulnerable to a Denial of Service (DoS) attack due to unbounded parameter values in the `/api/memories` endpoint. The `key` and `value` parameters accept arbitrarily large inputs without proper validation, leading to a null pointer error in the Rust-based backend when excessively large values are submitted. This results in the inability to create new memories, impacting the stability of the service."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T23:42:41.552Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/e9d9404c-cd19-4226-a580-9cba14b7d7d6"
},
{
"url": "https://github.com/danny-avila/librechat/commit/edf33bedcbb08c33e59df76f06454ed7efd896f9"
}
],
"source": {
"advisory": "e9d9404c-cd19-4226-a580-9cba14b7d7d6",
"discovery": "EXTERNAL"
},
"title": "Denial of Service in danny-avila/librechat"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2025-8849",
"datePublished": "2025-10-30T23:42:41.552Z",
"dateReserved": "2025-08-10T18:16:35.321Z",
"dateUpdated": "2025-10-31T15:09:34.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8850 (GCVE-0-2025-8850)
Vulnerability from nvd – Published: 2025-10-30 19:59 – Updated: 2025-11-05 14:57
VLAI?
Summary
In danny-avila/librechat version 0.7.9, there is an insecure API design issue in the 2-Factor Authentication (2FA) flow. The system allows users to disable 2FA without requiring a valid OTP or backup code, bypassing the intended verification process. This vulnerability occurs because the backend does not properly validate the OTP or backup code when the API endpoint '/api/auth/2fa/disable' is directly accessed. This flaw can be exploited by authenticated users to weaken the security of their own accounts, although it does not lead to full account compromise.
Severity ?
CWE
- CWE-440 - Expected Behavior Violation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| danny-avila | danny-avila/librechat |
Affected:
unspecified , < v0.8.0-rc2
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8850",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-05T14:57:10.072224Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-05T14:57:26.783Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "danny-avila/librechat",
"vendor": "danny-avila",
"versions": [
{
"lessThan": "v0.8.0-rc2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In danny-avila/librechat version 0.7.9, there is an insecure API design issue in the 2-Factor Authentication (2FA) flow. The system allows users to disable 2FA without requiring a valid OTP or backup code, bypassing the intended verification process. This vulnerability occurs because the backend does not properly validate the OTP or backup code when the API endpoint \u0027/api/auth/2fa/disable\u0027 is directly accessed. This flaw can be exploited by authenticated users to weaken the security of their own accounts, although it does not lead to full account compromise."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-440",
"description": "CWE-440 Expected Behavior Violation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T19:59:36.327Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/8e615709-f4de-41e2-b194-f0d91ed7c75e"
},
{
"url": "https://github.com/danny-avila/librechat/commit/7e4c8a5d0d2dbe5bf8fd272ff6acafb27d24744f"
}
],
"source": {
"advisory": "8e615709-f4de-41e2-b194-f0d91ed7c75e",
"discovery": "EXTERNAL"
},
"title": "Insecure API Design in danny-avila/librechat"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2025-8850",
"datePublished": "2025-10-30T19:59:36.327Z",
"dateReserved": "2025-08-10T19:01:03.291Z",
"dateUpdated": "2025-11-05T14:57:26.783Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8848 (GCVE-0-2025-8848)
Vulnerability from nvd – Published: 2025-10-22 13:54 – Updated: 2025-10-30 18:22
VLAI?
Summary
A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the <html lang=""> tag of the response. This can lead to potential security risks such as cross-site scripting (XSS) attacks.
Severity ?
4.8 (Medium)
CWE
- CWE-94 - Improper Control of Generation of Code
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| danny-avila | danny-avila/librechat |
Affected:
unspecified , ≤ latest
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8848",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T18:22:29.814728Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T18:22:51.121Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "danny-avila/librechat",
"vendor": "danny-avila",
"versions": [
{
"lessThanOrEqual": "latest",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the \u003chtml lang=\"\"\u003e tag of the response. This can lead to potential security risks such as cross-site scripting (XSS) attacks."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:54:00.389Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/a05ebc1f-882a-4adc-b178-d3cefa4b730e"
}
],
"source": {
"advisory": "a05ebc1f-882a-4adc-b178-d3cefa4b730e",
"discovery": "EXTERNAL"
},
"title": "HTML Injection in Accept-Language Header in danny-avila/librechat"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2025-8848",
"datePublished": "2025-10-22T13:54:00.389Z",
"dateReserved": "2025-08-10T18:16:29.790Z",
"dateUpdated": "2025-10-30T18:22:51.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7104 (GCVE-0-2025-7104)
Vulnerability from nvd – Published: 2025-09-29 17:10 – Updated: 2025-10-15 16:08
VLAI?
Summary
A mass assignment vulnerability exists in danny-avila/librechat, affecting all versions. This vulnerability allows attackers to manipulate sensitive fields by automatically binding user-provided data to internal object properties or database fields without proper filtering. As a result, any extra fields in the request body are included in agentData and passed to the database layer, allowing overwriting of any field in the schema, such as author, access_level, isCollaborative, and projectIds. Additionally, the Object.Prototype can be polluted due to the use of Object.assign with spread operators.
Severity ?
4.3 (Medium)
CWE
- CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| danny-avila | danny-avila/librechat |
Affected:
unspecified , < v0.7.9
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7104",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-15T16:08:26.597585Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T16:08:39.319Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "danny-avila/librechat",
"vendor": "danny-avila",
"versions": [
{
"lessThan": "v0.7.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A mass assignment vulnerability exists in danny-avila/librechat, affecting all versions. This vulnerability allows attackers to manipulate sensitive fields by automatically binding user-provided data to internal object properties or database fields without proper filtering. As a result, any extra fields in the request body are included in agentData and passed to the database layer, allowing overwriting of any field in the schema, such as author, access_level, isCollaborative, and projectIds. Additionally, the Object.Prototype can be polluted due to the use of Object.assign with spread operators."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-915",
"description": "CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T17:10:59.630Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/32a175c4-7543-4503-a3d0-7880abd1826b"
},
{
"url": "https://github.com/danny-avila/librechat/commit/a37bf6719cfbc2de270f7d87b6b85d87cc1768db"
}
],
"source": {
"advisory": "32a175c4-7543-4503-a3d0-7880abd1826b",
"discovery": "EXTERNAL"
},
"title": "Mass Assignment in danny-avila/librechat"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2025-7104",
"datePublished": "2025-09-29T17:10:59.630Z",
"dateReserved": "2025-07-05T18:30:20.348Z",
"dateUpdated": "2025-10-15T16:08:39.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7106 (GCVE-0-2025-7106)
Vulnerability from nvd – Published: 2025-09-23 09:54 – Updated: 2025-09-23 19:29
VLAI?
Summary
danny-avila/librechat is affected by an authorization bypass vulnerability due to improper access control checks. The `checkAccess` function in `api/server/middleware/roles/access.js` uses `permissions.some()` to validate permissions, which incorrectly grants access if only one of multiple required permissions is present. This allows users with the 'USER' role to create agents despite having `CREATE: false` permission, as the check for `['USE', 'CREATE']` passes with just `USE: true`. This vulnerability affects other permission checks as well, such as `PROMPTS`. The issue is present in all versions prior to the fix.
Severity ?
5.3 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| danny-avila | danny-avila/librechat |
Affected:
unspecified , < v0.7.9
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7106",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T19:29:40.670533Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T19:29:47.785Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "danny-avila/librechat",
"vendor": "danny-avila",
"versions": [
{
"lessThan": "v0.7.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "danny-avila/librechat is affected by an authorization bypass vulnerability due to improper access control checks. The `checkAccess` function in `api/server/middleware/roles/access.js` uses `permissions.some()` to validate permissions, which incorrectly grants access if only one of multiple required permissions is present. This allows users with the \u0027USER\u0027 role to create agents despite having `CREATE: false` permission, as the check for `[\u0027USE\u0027, \u0027CREATE\u0027]` passes with just `USE: true`. This vulnerability affects other permission checks as well, such as `PROMPTS`. The issue is present in all versions prior to the fix."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T09:54:33.716Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/7de2765b-d1fe-4495-9144-220070857c48"
},
{
"url": "https://github.com/danny-avila/librechat/commit/91a2df47599c09d80886bfc28e0ccf1debd42110"
}
],
"source": {
"advisory": "7de2765b-d1fe-4495-9144-220070857c48",
"discovery": "EXTERNAL"
},
"title": "Authorization Bypass due to Incorrect Access Control in danny-avila/librechat"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2025-7106",
"datePublished": "2025-09-23T09:54:33.716Z",
"dateReserved": "2025-07-05T19:01:51.636Z",
"dateUpdated": "2025-09-23T19:29:47.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6088 (GCVE-0-2025-6088)
Vulnerability from nvd – Published: 2025-09-11 00:43 – Updated: 2025-09-11 14:42
VLAI?
Summary
In version 0.7.8 of danny-avila/librechat, improper authorization controls in the conversation sharing feature allow unauthorized access to other users' conversations if the conversation ID is known. Although UUIDv4 conversation IDs are generated server-side and are difficult to brute force, they can be obtained from less-protected sources such as server-side access logs, browser history, or screenshots. The vulnerability permits a logged-in user to gain read-only access to another user's conversations by exploiting the `/api/share/conversationID` endpoint, which lacks authorization checks. This issue is resolved in version v0.7.9-rc1.
Severity ?
4.2 (Medium)
CWE
- CWE-285 - Improper Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| danny-avila | danny-avila/librechat |
Affected:
unspecified , < v0.7.9-rc1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6088",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-11T14:26:31.565500Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-11T14:42:34.879Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "danny-avila/librechat",
"vendor": "danny-avila",
"versions": [
{
"lessThan": "v0.7.9-rc1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In version 0.7.8 of danny-avila/librechat, improper authorization controls in the conversation sharing feature allow unauthorized access to other users\u0027 conversations if the conversation ID is known. Although UUIDv4 conversation IDs are generated server-side and are difficult to brute force, they can be obtained from less-protected sources such as server-side access logs, browser history, or screenshots. The vulnerability permits a logged-in user to gain read-only access to another user\u0027s conversations by exploiting the `/api/share/conversationID` endpoint, which lacks authorization checks. This issue is resolved in version v0.7.9-rc1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-11T00:43:51.699Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/361405bb-a739-41eb-a680-4cb6193e7c76"
},
{
"url": "https://github.com/danny-avila/librechat/commit/3af2666890bbf291cb7b9f3e03592d54714f0ff5"
}
],
"source": {
"advisory": "361405bb-a739-41eb-a680-4cb6193e7c76",
"discovery": "EXTERNAL"
},
"title": "Improper Authorization in danny-avila/librechat"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2025-6088",
"datePublished": "2025-09-11T00:43:51.699Z",
"dateReserved": "2025-06-14T15:10:06.244Z",
"dateUpdated": "2025-09-11T14:42:34.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54868 (GCVE-0-2025-54868)
Vulnerability from nvd – Published: 2025-08-05 04:53 – Updated: 2025-08-05 16:19
VLAI?
Summary
LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint allows reading arbitrary chats directly from the Meilisearch engine. The endpoint /api/search/test allows for direct access to stored chats in the Meilisearch engine without proper access control. This results in the ability to read chats from arbitrary users. This issue is fixed in version 0.7.7.
Severity ?
7.5 (High)
CWE
- CWE-285 - Improper Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| danny-avila | LibreChat |
Affected:
>= 0.0.6, < 0.7.7
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54868",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T16:18:52.997600Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T16:19:02.005Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LibreChat",
"vendor": "danny-avila",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.0.6, \u003c 0.7.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint allows reading arbitrary chats directly from the Meilisearch engine. The endpoint /api/search/test allows for direct access to stored chats in the Meilisearch engine without proper access control. This results in the ability to read chats from arbitrary users. This issue is fixed in version 0.7.7."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T04:53:08.166Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-p5j8-m4wh-ffmw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-p5j8-m4wh-ffmw"
},
{
"name": "https://github.com/danny-avila/LibreChat/commit/0e8041bcac616949c42a68dfb8f108ccc4db5151",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/danny-avila/LibreChat/commit/0e8041bcac616949c42a68dfb8f108ccc4db5151"
}
],
"source": {
"advisory": "GHSA-p5j8-m4wh-ffmw",
"discovery": "UNKNOWN"
},
"title": "LibreChat exposes arbitrary chats through Meilisearch engine"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54868",
"datePublished": "2025-08-05T04:53:08.166Z",
"dateReserved": "2025-07-31T17:23:33.472Z",
"dateUpdated": "2025-08-05T16:19:02.005Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}