CVE-2025-69220
Unknown Unknown - Not Provided
Improper Access Control in LibreChat Agent File Uploads

Publication date: 2026-01-07

Last updated on: 2026-01-07

Assigner: GitHub, Inc.

Description
LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads to an agents file context and file search. An authenticated attacker with access to the agent ID can change the behavior of arbitrary agents by uploading new files to the file context or file search, even if they have no permissions for this agent. This issue is fixed in version 0.8.2-rc2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-07
Last Modified
2026-01-07
Generated
2026-06-16
AI Q&A
2026-01-07
EPSS Evaluated
2026-06-15
NVD
CVE-2025-69220
EUVD
EUVD-2025-206261
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
danny_avila librechat 0.8.1-rc2
danny_avila librechat 0.8.2-rc2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in LibreChat version 0.8.1-rc2 involves improper access control on file uploads related to agents. An authenticated attacker who knows the agent ID can upload arbitrary files to the agent's file context or file search without having the necessary permissions. This unauthorized file upload can change the behavior of the agent by injecting new instructions or data, effectively bypassing authorization controls. The issue arises because the software does not enforce proper permission checks on these file uploads, allowing attackers with low privileges to manipulate agents they should not have access to. The vulnerability is fixed in version 0.8.2-rc2 by enforcing strict permission validation on file uploads. [4, 3]

Impact Analysis

This vulnerability can impact you by allowing an attacker with low privileges and knowledge of an agent ID to upload unauthorized files to that agent, thereby changing its behavior. Although the attacker cannot read or modify the agent configuration directly, they can inject files that alter how the agent responds or operates, leading to a high integrity loss. This could result in manipulated agent outputs, potentially misleading users or causing unintended actions. The availability impact is low, and there is no confidentiality loss, but the integrity compromise can have serious consequences depending on the agent's role. [4]

Detection Guidance

This vulnerability can be detected by performing authorization bypass testing focused on file upload endpoints related to agents. Techniques include testing if authenticated users can upload files to agents they do not have permission to modify by manipulating agent IDs in requests. Testing should cover horizontal authorization bypass (different users with same roles) and vertical authorization bypass (lower privilege users attempting higher privilege actions). Tools like OWASP ZAP with Access Control Testing add-on or PortSwigger Burp Suite with AuthMatrix and Autorize extensions can be used to automate these tests. Specific commands would involve crafting HTTP POST requests to the file upload endpoint with altered agent_id parameters and observing if unauthorized uploads are accepted or rejected. Additionally, testing for bypass via special headers (e.g., X-Original-URL) or spoofed IP headers can be performed to check if access controls are enforced server-side. Examples include intercepting and modifying requests with tools like curl or Burp Suite to test permission enforcement on file uploads. [1]

Mitigation Strategies

Immediate mitigation steps include upgrading LibreChat to version 0.8.2-rc2 or later, where strict permission checks on file uploads to agents are enforced. Until the upgrade, restrict access to the file upload endpoints to trusted users only, and monitor for unauthorized upload attempts. Implement server-side authorization checks to ensure only agent authors, users with EDIT permissions, or admins can upload files to agents. Deny upload requests from users lacking these permissions with appropriate HTTP 403 responses. Additionally, review and enforce least privilege principles for user roles and permissions related to agents. Logging and alerting on unauthorized upload attempts should be enabled to detect exploitation attempts. [3, 4]

Compliance Impact

The vulnerability allows unauthorized users to upload files to agents they do not have permission to access, leading to unauthorized modification of agent behavior. This represents a failure in enforcing proper access control and authorization, which can violate security best practices outlined in standards like OWASP ASVS. While the CVE description and resources do not explicitly mention GDPR or HIPAA compliance, such unauthorized access and modification could lead to integrity issues and potential misuse of data, thereby impacting compliance with regulations that require strict access controls and data integrity protections. The fix enforces strict permission checks to align with secure authorization practices, which supports compliance efforts. [2, 4]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69220. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart