CVE-2025-69220
Improper Access Control in LibreChat Agent File Uploads
Publication date: 2026-01-07
Last updated on: 2026-01-07
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| danny_avila | librechat | 0.8.1-rc2 |
| danny_avila | librechat | 0.8.2-rc2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in LibreChat version 0.8.1-rc2 involves improper access control on file uploads related to agents. An authenticated attacker who knows the agent ID can upload arbitrary files to the agent's file context or file search without having the necessary permissions. This unauthorized file upload can change the behavior of the agent by injecting new instructions or data, effectively bypassing authorization controls. The issue arises because the software does not enforce proper permission checks on these file uploads, allowing attackers with low privileges to manipulate agents they should not have access to. The vulnerability is fixed in version 0.8.2-rc2 by enforcing strict permission validation on file uploads. [4, 3]
How can this vulnerability impact me?
This vulnerability can impact you by allowing an attacker with low privileges and knowledge of an agent ID to upload unauthorized files to that agent, thereby changing its behavior. Although the attacker cannot read or modify the agent configuration directly, they can inject files that alter how the agent responds or operates, leading to a high integrity loss. This could result in manipulated agent outputs, potentially misleading users or causing unintended actions. The availability impact is low, and there is no confidentiality loss, but the integrity compromise can have serious consequences depending on the agent's role. [4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by performing authorization bypass testing focused on the file upload endpoints related to agents. The core test is whether an authenticated user can upload files to an agent they do not have permission to modify by changing the agent ID in the request. Testing should cover horizontal authorization bypass (different users with the same role) and vertical authorization bypass (lower-privilege users attempting higher-privilege actions). Tools such as OWASP ZAP with the Access Control Testing add-on, or PortSwigger Burp Suite with the AuthMatrix and Autorize extensions, can automate these tests. Specific commands would involve crafting HTTP POST requests to the file upload endpoint with altered agent_id parameters and observing whether unauthorized uploads are accepted or rejected. Additionally, testing for bypass via special headers (e.g., X-Original-URL) or spoofed IP headers can check whether access controls are enforced server-side. For example, requests can be intercepted and modified with tools like curl or Burp Suite to test permission enforcement on file uploads. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading LibreChat to version 0.8.2-rc2 or later, where strict permission checks on file uploads to agents are enforced. Until the upgrade, restrict access to the file upload endpoints to trusted users only, and monitor for unauthorized upload attempts. Implement server-side authorization checks to ensure only agent authors, users with EDIT permissions, or admins can upload files to agents. Deny upload requests from users lacking these permissions with appropriate HTTP 403 responses. Additionally, review and enforce least privilege principles for user roles and permissions related to agents. Logging and alerting on unauthorized upload attempts should be enabled to detect exploitation attempts. [3, 4]
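The server-side rule described above (agent author, EDIT permission, or admin; otherwise HTTP 403 plus a log entry), together with a review of past uploads, as an added example that is not LibreChat's own code. The user and agent shapes, the `ADMIN` role label, `loadAgent`, `log` and all function names are assumptions for illustration; `agent_id` follows the parameter name used on this page.

```javascript
// Added illustration, not LibreChat's code; data shapes and names are hypothetical.
const ADMIN_ROLE = 'ADMIN'; // assumed role label
const EDIT = 'EDIT';        // permission name used in the advisory text

// agent: { id, author, grants: { userId: [permissions] } }, or undefined if unknown
function canUploadToAgent(user, agent) {
  if (!user || !agent) return false; // fail closed on missing user or agent
  if (user.role === ADMIN_ROLE || agent.author === user.id) return true;
  const grants = agent.grants || {};
  // Own-property lookup so an id such as "constructor" cannot hit inherited members.
  const perms = Object.prototype.hasOwnProperty.call(grants, user.id)
    ? grants[user.id]
    : [];
  return Array.isArray(perms) && perms.includes(EDIT);
}

// Express-style middleware factory; the caller supplies loadAgent(id) and log(event).
function requireAgentUploadAccess(loadAgent, log) {
  return async function (req, res, next) {
    const agentId = req.body && req.body.agent_id;
    if (!agentId) return next(); // upload is not attached to an agent
    const agent = await loadAgent(agentId);
    if (canUploadToAgent(req.user, agent)) return next();
    // Record the denial so repeated attempts can be alerted on.
    log({ event: 'agent_upload_denied', userId: req.user && req.user.id, agentId });
    // Same 403 for unknown and forbidden agents, so responses do not confirm IDs.
    return res.status(403).json({ error: 'Forbidden' });
  };
}

// Review stored upload records: return those whose uploader has no right
// to add files to the target agent under the rule above.
function findUnauthorizedUploads(uploads, usersById, agentsById) {
  return uploads.filter(
    (u) =>
      u.agentId &&
      !canUploadToAgent(usersById.get(u.userId), agentsById.get(u.agentId))
  );
}
```

`findUnauthorizedUploads` compares against current permissions, so a hit can also be a user whose access was revoked after a legitimate upload.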
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows unauthorized users to upload files to agents they do not have permission to access, leading to unauthorized modification of agent behavior. This represents a failure in enforcing proper access control and authorization, which can violate security best practices outlined in standards like OWASP ASVS. While the CVE description and resources do not explicitly mention GDPR or HIPAA compliance, such unauthorized access and modification could lead to integrity issues and potential misuse of data, thereby impacting compliance with regulations that require strict access controls and data integrity protections. The fix enforces strict permission checks to align with secure authorization practices, which supports compliance efforts. [2, 4]