Refine your search
7 vulnerabilities found for by danny-avila
CVE-2025-66452 (GCVE-0-2025-66452)
Vulnerability from cvelistv5
Published
2025-12-11 22:52
Modified
2025-12-12 19:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, there is no handler for JSON parsing errors; SyntaxError from express.json() includes user input in the error message, which gets reflected in responses. User input (including HTML/JavaScript) can be exposed in error responses, creating an XSS risk if Content-Type isn't strictly enforced. This issue does not have a fix at the time of publication.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| danny-avila | LibreChat |
Version: <= 0.8.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66452",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-12T19:27:37.555730Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-12T19:28:19.177Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LibreChat",
"vendor": "danny-avila",
"versions": [
{
"status": "affected",
"version": "\u003c= 0.8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, there is no handler for JSON parsing errors; SyntaxError from express.json() includes user input in the error message, which gets reflected in responses. User input (including HTML/JavaScript) can be exposed in error responses, creating an XSS risk if Content-Type isn\u0027t strictly enforced. This issue does not have a fix at the time of publication."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T22:52:20.442Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-q6c5-gvj5-c264",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-q6c5-gvj5-c264"
}
],
"source": {
"advisory": "GHSA-q6c5-gvj5-c264",
"discovery": "UNKNOWN"
},
"title": "LibreChat\u0027s lack of JSON parsing error handling can lead to XSS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66452",
"datePublished": "2025-12-11T22:52:20.442Z",
"dateReserved": "2025-12-01T18:44:35.639Z",
"dateUpdated": "2025-12-12T19:28:19.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66451 (GCVE-0-2025-66451)
Vulnerability from cvelistv5
Published
2025-12-11 22:33
Modified
2025-12-12 19:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when creating prompts, JSON requests are sent to define and modify the prompts via PATCH endpoint for prompt groups (/api/prompts/groups/:groupId). However, the request bodies are not sufficiently validated for proper input, enabling users to modify prompts in a way that was not intended as part of the front end system. The patchPromptGroup function passes req.body directly to updatePromptGroup() without filtering sensitive fields. This issue is fixed in version 0.8.1.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| danny-avila | LibreChat |
Version: < 0.8.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66451",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-12T19:29:15.031943Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-12T19:29:24.539Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LibreChat",
"vendor": "danny-avila",
"versions": [
{
"status": "affected",
"version": "\u003c 0.8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when creating prompts, JSON requests are sent to define and modify the prompts via PATCH endpoint for prompt groups (/api/prompts/groups/:groupId). However, the request bodies are not sufficiently validated for proper input, enabling users to modify prompts in a way that was not intended as part of the front end system. The patchPromptGroup function passes req.body directly to updatePromptGroup() without filtering sensitive fields. This issue is fixed in version 0.8.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-915",
"description": "CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T22:33:24.079Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-vpqq-5qr4-655h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-vpqq-5qr4-655h"
},
{
"name": "https://github.com/danny-avila/LibreChat/commit/01413eea3d3c1454d32ca9704fa9640407839737",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/danny-avila/LibreChat/commit/01413eea3d3c1454d32ca9704fa9640407839737"
}
],
"source": {
"advisory": "GHSA-vpqq-5qr4-655h",
"discovery": "UNKNOWN"
},
"title": "LibreChat\u0027s Improper Input Validation in Prompt Creation API Enables Unauthorized Permission Changes"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66451",
"datePublished": "2025-12-11T22:33:24.079Z",
"dateReserved": "2025-12-01T18:44:35.638Z",
"dateUpdated": "2025-12-12T19:29:24.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66450 (GCVE-0-2025-66450)
Vulnerability from cvelistv5
Published
2025-12-11 22:05
Modified
2025-12-12 19:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Summary
LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when a user posts a question, the iconURL parameter of the POST request can be modified by an attacker. The malicious code is then stored in the chat which can then be shared to other users. When sharing chats with a potentially malicious “tracker”, resources loaded can lead to loss of privacy for users who view the chat link that is sent to them. This issue is fixed in version 0.8.1.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| danny-avila | LibreChat |
Version: < 0.8.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66450",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-12T19:29:47.328969Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-12T19:30:38.502Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LibreChat",
"vendor": "danny-avila",
"versions": [
{
"status": "affected",
"version": "\u003c 0.8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when a user posts a question, the iconURL parameter of the POST request can be modified by an attacker. The malicious code is then stored in the chat which can then be shared to other users. When sharing chats with a potentially malicious \u201ctracker\u201d, resources loaded can lead to loss of privacy for users who view the chat link that is sent to them. This issue is fixed in version 0.8.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T22:05:47.384Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-84vx-vmcf-xgpp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-84vx-vmcf-xgpp"
},
{
"name": "https://github.com/danny-avila/LibreChat/commit/6fa94d3eb8f5779363226d10dccf8b01a735744c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/danny-avila/LibreChat/commit/6fa94d3eb8f5779363226d10dccf8b01a735744c"
}
],
"source": {
"advisory": "GHSA-84vx-vmcf-xgpp",
"discovery": "UNKNOWN"
},
"title": "LibreChat JSON Injection in Chat POST Allows Remote Resource Inclusion and PXSS via Image Upload"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66450",
"datePublished": "2025-12-11T22:05:47.384Z",
"dateReserved": "2025-12-01T18:22:06.865Z",
"dateUpdated": "2025-12-12T19:30:38.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66201 (GCVE-0-2025-66201)
Vulnerability from cvelistv5
Published
2025-11-29 01:26
Modified
2025-12-01 14:11
Severity ?
VLAI Severity ?
EPSS score ?
Summary
LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery (SSRF), by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with access to this feature to access URLs only accessible to the LibreChat server (such as cloud metadata services, through which impersonation of the server might be possible). This issue has been patched in version 0.8.1-rc2.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| danny-avila | LibreChat |
Version: < 0.8.1-rc2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66201",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T13:53:40.240228Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T14:11:07.641Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-7m2q-fjwr-5x8v"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LibreChat",
"vendor": "danny-avila",
"versions": [
{
"status": "affected",
"version": "\u003c 0.8.1-rc2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery (SSRF), by passing specially crafted OpenAPI specs to its \"Actions\" feature and making the LLM use those actions. It could be used by an authenticated user with access to this feature to access URLs only accessible to the LibreChat server (such as cloud metadata services, through which impersonation of the server might be possible). This issue has been patched in version 0.8.1-rc2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-29T01:26:18.757Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-7m2q-fjwr-5x8v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-7m2q-fjwr-5x8v"
}
],
"source": {
"advisory": "GHSA-7m2q-fjwr-5x8v",
"discovery": "UNKNOWN"
},
"title": "LibreChat is Vulnerable to Server-Side Request Forgery (SSRF) in Actions Capability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66201",
"datePublished": "2025-11-29T01:26:18.757Z",
"dateReserved": "2025-11-24T23:01:29.676Z",
"dateUpdated": "2025-12-01T14:11:07.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8849 (GCVE-0-2025-8849)
Vulnerability from cvelistv5
Published
2025-10-30 23:42
Modified
2025-10-31 15:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
LibreChat version 0.7.9 is vulnerable to a Denial of Service (DoS) attack due to unbounded parameter values in the `/api/memories` endpoint. The `key` and `value` parameters accept arbitrarily large inputs without proper validation, leading to a null pointer error in the Rust-based backend when excessively large values are submitted. This results in the inability to create new memories, impacting the stability of the service.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| danny-avila | danny-avila/librechat |
Version: unspecified < v0.8.0-rc2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8849",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-31T14:59:52.273037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T15:09:34.057Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "danny-avila/librechat",
"vendor": "danny-avila",
"versions": [
{
"lessThan": "v0.8.0-rc2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreChat version 0.7.9 is vulnerable to a Denial of Service (DoS) attack due to unbounded parameter values in the `/api/memories` endpoint. The `key` and `value` parameters accept arbitrarily large inputs without proper validation, leading to a null pointer error in the Rust-based backend when excessively large values are submitted. This results in the inability to create new memories, impacting the stability of the service."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T23:42:41.552Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/e9d9404c-cd19-4226-a580-9cba14b7d7d6"
},
{
"url": "https://github.com/danny-avila/librechat/commit/edf33bedcbb08c33e59df76f06454ed7efd896f9"
}
],
"source": {
"advisory": "e9d9404c-cd19-4226-a580-9cba14b7d7d6",
"discovery": "EXTERNAL"
},
"title": "Denial of Service in danny-avila/librechat"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2025-8849",
"datePublished": "2025-10-30T23:42:41.552Z",
"dateReserved": "2025-08-10T18:16:35.321Z",
"dateUpdated": "2025-10-31T15:09:34.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8850 (GCVE-0-2025-8850)
Vulnerability from cvelistv5
Published
2025-10-30 19:59
Modified
2025-11-05 14:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-440 - Expected Behavior Violation
Summary
In danny-avila/librechat version 0.7.9, there is an insecure API design issue in the 2-Factor Authentication (2FA) flow. The system allows users to disable 2FA without requiring a valid OTP or backup code, bypassing the intended verification process. This vulnerability occurs because the backend does not properly validate the OTP or backup code when the API endpoint '/api/auth/2fa/disable' is directly accessed. This flaw can be exploited by authenticated users to weaken the security of their own accounts, although it does not lead to full account compromise.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| danny-avila | danny-avila/librechat |
Version: unspecified < v0.8.0-rc2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8850",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-05T14:57:10.072224Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-05T14:57:26.783Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "danny-avila/librechat",
"vendor": "danny-avila",
"versions": [
{
"lessThan": "v0.8.0-rc2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In danny-avila/librechat version 0.7.9, there is an insecure API design issue in the 2-Factor Authentication (2FA) flow. The system allows users to disable 2FA without requiring a valid OTP or backup code, bypassing the intended verification process. This vulnerability occurs because the backend does not properly validate the OTP or backup code when the API endpoint \u0027/api/auth/2fa/disable\u0027 is directly accessed. This flaw can be exploited by authenticated users to weaken the security of their own accounts, although it does not lead to full account compromise."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-440",
"description": "CWE-440 Expected Behavior Violation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T19:59:36.327Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/8e615709-f4de-41e2-b194-f0d91ed7c75e"
},
{
"url": "https://github.com/danny-avila/librechat/commit/7e4c8a5d0d2dbe5bf8fd272ff6acafb27d24744f"
}
],
"source": {
"advisory": "8e615709-f4de-41e2-b194-f0d91ed7c75e",
"discovery": "EXTERNAL"
},
"title": "Insecure API Design in danny-avila/librechat"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2025-8850",
"datePublished": "2025-10-30T19:59:36.327Z",
"dateReserved": "2025-08-10T19:01:03.291Z",
"dateUpdated": "2025-11-05T14:57:26.783Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8848 (GCVE-0-2025-8848)
Vulnerability from cvelistv5
Published
2025-10-22 13:54
Modified
2025-10-30 18:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-94 - Improper Control of Generation of Code
Summary
A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the <html lang=""> tag of the response. This can lead to potential security risks such as cross-site scripting (XSS) attacks.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| danny-avila | danny-avila/librechat |
Version: unspecified < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8848",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T18:22:29.814728Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T18:22:51.121Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "danny-avila/librechat",
"vendor": "danny-avila",
"versions": [
{
"lessThanOrEqual": "latest",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the \u003chtml lang=\"\"\u003e tag of the response. This can lead to potential security risks such as cross-site scripting (XSS) attacks."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:54:00.389Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/a05ebc1f-882a-4adc-b178-d3cefa4b730e"
}
],
"source": {
"advisory": "a05ebc1f-882a-4adc-b178-d3cefa4b730e",
"discovery": "EXTERNAL"
},
"title": "HTML Injection in Accept-Language Header in danny-avila/librechat"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2025-8848",
"datePublished": "2025-10-22T13:54:00.389Z",
"dateReserved": "2025-08-10T18:16:29.790Z",
"dateUpdated": "2025-10-30T18:22:51.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}