CVE-2025-41258 Librechat — Exploit & Vulnerability Details HIGH

CVE-2025-41258

HIGH CVSS 3.1: 8.0 EPSS 0.06%

Parameter	Value
CVSS	8.0 (HIGH)
Type	CWE-284 (Improper Access Control)
Vendor	Librechat
Public PoC	No

LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API.

Attack Parameters

Attack Vector

Adjacent

Requires local network access

Attack Complexity

Low

Easy to exploit

Privileges Required

Low

Basic privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

High

Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-284 Improper Access Control

Vulnerable Products 1

Configuration	From (including)	Up to (excluding)
Librechat Librechat cpe:2.3:a:librechat:librechat:0.8.1:rc2::::::	—	—

References 2

https://github.com/danny-avila/LibreChat

1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a

https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20251205-01_…

1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-31951

Librechat

5.7

CVE-2026-31950

Librechat

5.3

CVE-2026-31945

GitHub

7.7

CVE-2026-31943

Librechat

8.5

CVE-2026-33265

Librechat

9.0

Menu

CVE-2025-41258

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 1

References 2

Related Vulnerabilities

CVE-2026-31951

CVE-2026-31950

CVE-2026-31945

CVE-2026-31943

CVE-2026-33265

CVE Details

Editor's Choice

Menu

CVE-2025-41258

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 1

References 2

Related Vulnerabilities

CVE-2026-31951

CVE-2026-31950

CVE-2026-31945

CVE-2026-31943

CVE-2026-33265

CVE Details

Editor's Choice

Stay informed on cybersecurity