CVE-2025-69220
HIGHDescription
LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads to an agents file context and file search. An authenticated attacker with access to the agent ID can change the behavior of arbitrary agents by uploading new files to the file context or file search, even if they have no permissions for this agent. This issue is fixed in version 0.8.2-rc2.
CVSS v3 Vector
Exploitability
Impact
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L
Exploit Intelligence
Low risk: more likely to be exploited than 20% of all known CVEs.
References
- https://cwe.mitre.org/data/definitions/284.html
- https://cwe.mitre.org/data/definitions/862.html
- https://github.com/danny-avila/LibreChat/commit/4b9c6ab1cb9de626736de700c7981f38be08d237
- https://github.com/danny-avila/LibreChat/releases/tag/v0.8.2-rc2
- https://github.com/danny-avila/LibreChat/security/advisories/GHSA-xcmf-rpmh-hg59
- https://owasp.org/Top10/A01_2021-Broken_Access_Control
- https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/05-Authorization_Testing/02-Testing_for_Bypassing_Authorization_Schema.html
- https://raw.githubusercontent.com/OWASP/ASVS/v5.0.0/5.0/OWASP_Application_Security_Verification_Standard_5.0.0_en.pdf
Find and fix vulnerabilities across your fleet
TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.
Start freeThis product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-01-15.