CVE-2025-6088
BaseFortify
Publication date: 2025-09-11
Last updated on: 2025-10-16
Assigner: huntr.dev
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| librechat | librechat | 0.7.8 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
In version 0.7.8 of danny-avila/librechat, there is a vulnerability in the conversation sharing feature where improper authorization controls allow a logged-in user to access other users' conversations if they know the conversation ID. Although these IDs are UUIDv4 and hard to guess, they can be obtained from less secure sources like server logs, browser history, or screenshots. The vulnerability exists because the `/api/share/conversationID` endpoint does not perform authorization checks, allowing unauthorized read-only access to conversations. This issue was fixed in version 0.7.9-rc1.
How can this vulnerability impact me?
This vulnerability can lead to unauthorized disclosure of private conversation data to other logged-in users if they obtain a valid conversation ID. Although the access is read-only, sensitive information shared in conversations could be exposed, potentially compromising user privacy and confidentiality.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring access to the `/api/share/conversationID` endpoint for unauthorized read attempts. Since the issue involves unauthorized access when a conversation ID is known, you can check server access logs for suspicious requests to this endpoint from logged-in users who should not have access. Commands to help detect this include using grep or similar tools to search logs for access patterns, for example: `grep "/api/share/" /var/log/nginx/access.log` or `grep "/api/share/" /path/to/app/logs/*.log`. Additionally, reviewing browser histories or screenshots for leaked conversation IDs may help identify exposure. However, no specific detection commands are provided in the resources. [1]
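A plain `grep` only lists the requests; the triage step is grouping them. The script below is an added example, not part of the advisory or of LibreChat. It assumes nginx "combined" access-log lines and uses the client IP as a stand-in for the user, since that log format does not record the logged-in account. The sample lines, IDs and the `max_ids_per_client` threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed nginx "combined" log lines for illustration; not real traffic.
ID1 = "3f2b8c1e-9a4d-4e6f-8b2a-1c5d7e9f0a11"
ID2 = "a1b2c3d4-e5f6-4a7b-9c8d-0e1f2a3b4c5d"
ID3 = "0d9c8b7a-6f5e-4d3c-ab21-9f8e7d6c5b4a"
ID4 = "11111111-2222-4333-8444-555555555555"
_ROWS = [
    ("203.0.113.10", f"/api/share/{ID1}", 200),
    ("203.0.113.10", f"/api/share/{ID1}", 200),   # repeat read, same client
    ("198.51.100.7", f"/api/share/{ID1}", 200),
    ("198.51.100.7", f"/api/share/{ID2}?t=1", 200),
    ("198.51.100.7", f"/api/share/{ID3}", 200),
    ("198.51.100.7", f"/api/share/{ID4}", 404),   # failed read, not counted
    ("192.0.2.55", f"/api/share/{ID2}", 200),
    ("192.0.2.55", "/api/share/not-a-uuid", 404),
    ("192.0.2.55", "/api/convos", 200),           # unrelated path
]
SAMPLE_LOG = [
    f'{ip} - - [12/Sep/2025:10:00:{i:02d} +0000] "GET {path} HTTP/1.1" {st} 512 "-" "Mozilla/5.0"'
    for i, (ip, path, st) in enumerate(_ROWS)
]

UUID4 = r"[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}"
LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "GET /api/share/(?P<cid>' + UUID4 +
    r')(?:\?[^ "]*)? HTTP/[\d.]+" (?P<status>\d{3}) ', re.IGNORECASE)

def share_reads(lines):
    """Yield (client, conversation_id) for each successful share read."""
    for line in lines:
        m = LINE.match(line)
        if m and m["status"] == "200":
            yield m["client"], m["cid"].lower()

def triage(lines, max_ids_per_client=3):
    """Return IDs read by several clients and clients reading many IDs."""
    clients_by_id, ids_by_client = defaultdict(set), defaultdict(set)
    for client, cid in share_reads(lines):
        clients_by_id[cid].add(client)
        ids_by_client[client].add(cid)
    multi = {c: sorted(v) for c, v in clients_by_id.items() if len(v) > 1}
    heavy = {c: sorted(v) for c, v in ids_by_client.items()
             if len(v) >= max_ids_per_client}
    return multi, heavy

if __name__ == "__main__":
    multi, heavy = triage(SAMPLE_LOG)
    for cid, clients in multi.items():
        print(f"ID {cid} read by {len(clients)} clients: {', '.join(clients)}")
    for client, ids in heavy.items():
        print(f"client {client} read {len(ids)} distinct shared conversations")
```

Both outputs are review leads rather than verdicts: the log cannot say which client owns a conversation, so each hit needs to be compared against the application's own ownership records.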
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade LibreChat to v0.7.9-rc1 or later, where authorization checks on the `/api/share/conversationID` endpoint have been implemented and the vulnerability is fixed. Additionally, restrict access to server-side logs and other sources that might expose conversation IDs, and educate users to avoid sharing screenshots or browser histories that contain these IDs. If upgrading immediately is not possible, consider implementing temporary access controls or monitoring on the vulnerable endpoint to detect and block unauthorized access. [1]