CVE-2025-6088
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-11

Last updated on: 2025-10-16

Assigner: huntr.dev

Description
In version 0.7.8 of danny-avila/librechat, improper authorization controls in the conversation sharing feature allow unauthorized access to other users' conversations if the conversation ID is known. Although UUIDv4 conversation IDs are generated server-side and are difficult to brute force, they can be obtained from less-protected sources such as server-side access logs, browser history, or screenshots. The vulnerability permits a logged-in user to gain read-only access to another user's conversations by exploiting the `/api/share/conversationID` endpoint, which lacks authorization checks. This issue is resolved in version v0.7.9-rc1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-11
Last Modified
2025-10-16
Generated
2026-06-16
AI Q&A
2025-09-11
EPSS Evaluated
2026-06-15
NVD
CVE-2025-6088
EUVD
EUVD-2025-27623
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
librechat librechat 0.7.8
librechat librechat 0.7.8
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

In version 0.7.8 of danny-avila/librechat, there is a vulnerability in the conversation sharing feature where improper authorization controls allow a logged-in user to access other users' conversations if they know the conversation ID. Although these IDs are UUIDv4 and hard to guess, they can be obtained from less secure sources like server logs, browser history, or screenshots. The vulnerability exists because the /api/share/conversationID endpoint does not perform authorization checks, allowing unauthorized read-only access to conversations. This issue was fixed in version 0.7.9-rc1.

Impact Analysis

This vulnerability can lead to unauthorized disclosure of private conversation data to other logged-in users if they obtain a valid conversation ID. Although the access is read-only, sensitive information shared in conversations could be exposed, potentially compromising user privacy and confidentiality.

Detection Guidance

This vulnerability can be detected by monitoring access to the `/api/share/conversationID` endpoint for unauthorized read attempts. Since the issue involves unauthorized access when a conversation ID is known, you can check server access logs for suspicious requests to this endpoint from logged-in users who should not have access. Commands to help detect this include using grep or similar tools to search logs for access patterns, for example: `grep "/api/share/" /var/log/nginx/access.log` or `grep "/api/share/" /path/to/app/logs/*.log`. Additionally, reviewing browser histories or screenshots for leaked conversation IDs may help identify exposure. However, no specific detection commands are provided in the resources. [1]

Mitigation Strategies

The immediate mitigation step is to upgrade the LibreChat application to version v0.7.9-rc1 or later, where the authorization checks on the `/api/share/conversationID` endpoint have been properly implemented and the vulnerability fixed. Additionally, restrict access to server-side logs and other sources that might expose conversation IDs, and educate users to avoid sharing screenshots or browser histories that contain these IDs. If upgrading immediately is not possible, consider implementing temporary access controls or monitoring on the vulnerable endpoint to detect and block unauthorized access. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-6088. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart