Severity by source
AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API.
AnalysisAI
A critical authentication bypass vulnerability exists in LibreChat version 0.8.1-rc2 where the same JWT secret is reused for both user session management and the RAG (Retrieval-Augmented Generation) API authentication. This design flaw allows authenticated users to compromise service-level authentication of the RAG API by leveraging their session tokens to access or manipulate the RAG service beyond intended privileges. No active exploitation (KEV) has been reported, but a detailed security advisory with technical analysis is publicly available from SBA Research.
Technical ContextAI
LibreChat is a web-based chat application (cpe:2.3:a:danny-avila:librechat) that implements RAG (Retrieval-Augmented Generation) functionality for enhanced AI responses. The vulnerability stems from CWE-284 (Improper Access Control) where the application uses a shared JWT signing secret across different security boundaries. When the same cryptographic key material is used to sign tokens for user sessions and service-level API authentication, users can potentially forge or reuse their session JWTs to authenticate to backend services that should have separate authentication mechanisms. This violates the principle of defense in depth and breaks service isolation.
RemediationAI
Users running LibreChat version 0.8.1-rc2 should immediately upgrade to a patched version or implement separate JWT secrets for user session management and RAG API authentication by modifying the application configuration to use distinct cryptographic keys for each authentication domain. Review the SBA Research security advisory at https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20251205-01_LibreChat_RAG_API_Authentication_Bypass for detailed technical guidance and consult the official LibreChat repository at https://github.com/danny-avila/LibreChat for patch availability and upgrade instructions. As an interim mitigation, restrict network access to the RAG API endpoints to only trusted service accounts and implement additional authorization checks to validate that JWT tokens used for RAG API access originate from legitimate service contexts rather than user sessions.
A vulnerability in danny-avila/librechat version git 81f2936 allows for path traversal due to improper sanitization of f
An arbitrary file deletion vulnerability exists in danny-avila/librechat version v0.7.5-rc2, specifically within the /ap
LibreChat 0.8.1-rc2 has SSRF in the Actions feature that allows authenticated users to make the server perform requests
LibreChat before v0.8.2-rc2 allows any authenticated user to execute shell commands as root inside the container through
LibreChat is a ChatGPT clone with additional features. Rated high severity (CVSS 8.6), this vulnerability is remotely ex
In danny-avila/librechat version git 0c2a583, there is an improper input validation vulnerability. Rated high severity (
LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file
An unhandled exception in the danny-avila/librechat repository, version git 600d217, can cause the server to crash, lead
An improper access control vulnerability (IDOR) exists in the delete attachments functionality of danny-avila/librechat
LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images. Rated critical severity (CVSS 9.8), th
LibreChat through 0.7.4-rc1 has incorrect access control for message updates. Rated critical severity (CVSS 9.8), this v
{VAR} placeholders against the host process environment, so attacker-controlled MCP URLs cause the LibreChat backend to
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-208825