CVE-2025-41258 | THREATINT

Description

LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API.

PUBLISHED Reserved 2025-04-16 | Published 2026-03-18 | Updated 2026-03-18 | Assigner sba-research

HIGH: 8.0CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-284 Improper Access Control

Product status

Default status

unknown

0.8.1-rc2

affected

Credits

Lisa Gnedt (SBA Research) finder

Michael Koppmann (SBA Research) finder

References

github.com/...205-01_LibreChat_RAG_API_Authentication_Bypass third-party-advisory

github.com/danny-avila/LibreChat product

cve.org (CVE-2025-41258)

nvd.nist.gov (CVE-2025-41258)

Download JSON