CVE-2025-54868
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-05

Last updated on: 2025-08-26

Assigner: GitHub, Inc.

Description
LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint allows reading arbitrary chats directly from the Meilisearch engine. The endpoint /api/search/test allows for direct access to stored chats in the Meilisearch engine without proper access control. This results in the ability to read chats from arbitrary users. This issue is fixed in version 0.7.7.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-05
Last Modified
2025-08-26
Generated
2026-05-27
AI Q&A
2025-08-05
EPSS Evaluated
2026-05-25
NVD
CVE-2025-54868
EUVD
EUVD-2025-23599
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
librechat librechat From 0.0.6 (inc) to 0.7.8 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in LibreChat versions 0.0.6 through 0.7.7-rc1 is due to an exposed testing endpoint, /api/search/test, which lacks proper access control. This allows an attacker to read arbitrary user chats stored in the Meilisearch engine by sending crafted GET requests to this endpoint. The attacker can retrieve chat data including unique identifiers, conversation IDs, sender information, and message text without any privileges or user interaction, leading to a confidentiality breach. [1]


How can this vulnerability impact me? :

The impact of this vulnerability is a complete breach of confidentiality. An attacker can remotely access and read any user's chat data stored in LibreChat without modifying or disrupting the system's integrity or availability. This means sensitive or private conversations can be exposed to unauthorized parties. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking for the presence and accessibility of the exposed testing endpoint `/api/search/test` on the LibreChat server. You can send a crafted GET request to this endpoint with or without the query parameter `q` to see if it returns chat data. For example, using curl: `curl -v http://<target-host>/api/search/test?q=secret` or `curl -v http://<target-host>/api/search/test`. If the endpoint returns chat data in JSON format without authentication, the vulnerability is present. [1]


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade LibreChat to version 0.7.7 or later, where the vulnerability is fixed by removing the exposed `/api/search/test` endpoint and adding proper access controls. If upgrading is not immediately possible, restrict network access to the `/api/search/test` endpoint to trusted users only or disable the search feature via environment variables to prevent exploitation. [1, 2]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart