CVE-2025-69220
PUBLISHED
CVSS 7.1 HIGH
LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads to an agent's file context and file search. An authenticated attacker with access to the agent ID can change the behavior of arbitrary agents by uploading new files to the file context or file search, even if they have no permissions for this agent. This issue is fixed in version 0.8.2-rc2.
EPSS 0.05% · 15.0th percentile
Risk Scores
CVSS v3.1
7.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L
EPSS Score
0.05%
15.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| danny-avila | LibreChat | * |
| librechat | librechat | 0.8.1 |
Timeline
- Dec 29, 2025 CVE ID Reserved
- Jan 7, 2026 CVE Published
- Jan 7, 2026 CVE Updated
- Jan 8, 2026 EPSS Score
- Jan 11, 2026 EPSS Score
- Jan 14, 2026 EPSS Score
- Jan 17, 2026 EPSS Score
- Jan 21, 2026 EPSS Score
- Jan 24, 2026 EPSS Score
- Jan 27, 2026 EPSS Score
- Jan 30, 2026 EPSS Score
- Feb 2, 2026 EPSS Score
References
- https://cwe.mitre.org/data/definitions/862.html (technical)
- https://github.com/danny-avila/LibreChat/commit/4b9c6ab1cb9de626736de700c7981f38be08d237 (patch)
- https://github.com/danny-avila/LibreChat/releases/tag/v0.8.2-rc2 (technical)
- https://github.com/danny-avila/LibreChat/security/advisories/GHSA-xcmf-rpmh-hg59 (exploit)
- https://owasp.org/Top10/A01_2021-Broken_Access_Control (technical)
- https://cwe.mitre.org/data/definitions/284.html (url)
- https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/05-Authorization_Testing/02-Testing_for_Bypassing_Authorization_Schema.html (url)
- https://raw.githubusercontent.com/OWASP/ASVS/v5.0.0/5.0/OWASP_Application_Security_Verification_Standard_5.0.0_en.pdf (url)