Description

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads to an agent's file context and file search. An authenticated attacker who knows the agent ID can change the behavior of arbitrary agents by uploading new files to the agent's file context or file search, even if they have no permissions for that agent. This issue is fixed in version 0.8.2-rc2.

Status: PUBLISHED | Reserved 2025-12-29 | Published 2026-01-07 | Updated 2026-01-07 | Assigner GitHub_M

Severity: HIGH 7.1 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L)

Problem types

CWE-862: Missing Authorization

CWE-284: Improper Access Control

Product status

>= 0.8.1-rc2, < 0.8.2-rc2: affected

References

github.com/...reChat/security/advisories/GHSA-xcmf-rpmh-hg59

github.com/...ommit/4b9c6ab1cb9de626736de700c7981f38be08d237

cwe.mitre.org/data/definitions/284.html

cwe.mitre.org/data/definitions/862.html

github.com/danny-avila/LibreChat/releases/tag/v0.8.2-rc2

owasp.org/Top10/A01_2021-Broken_Access_Control

owasp.org/...Testing_for_Bypassing_Authorization_Schema.html

raw.githubusercontent.com/...ification_Standard_5.0.0_en.pdf

cve.org (CVE-2025-69220)

nvd.nist.gov (CVE-2025-69220)