What is the CVSS score of CVE-2025-69220?

CVE-2025-69220 has a CVSS 3.1 base score of 7.1 (High). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L. EPSS exploitation probability: 0.0%.

Which versions of AI / ML are affected by CVE-2025-69220?

Organizations using LibreChat face moderate risk from CVE-2025-69220, a improper access control vulnerability rated CVSS 7.1. Exploitation could compromise the security of affected deployments.. A patch is available.

Is there a public PoC exploit available for CVE-2025-69220?

Yes, a public proof-of-concept exploit is available for CVE-2025-69220. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2025-69220?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Vendor patch is available.

AI / ML CVE-2025-69220

HIGH

Improper Access Control (CWE-284)

2026-01-07 security-advisories@github.com

Authentication Bypass AI / ML Librechat

7.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

High

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Jan 15, 2026 - 21:44 vuln.today

Public exploit code

Patch released

Jan 15, 2026 - 21:44 nvd

Patch available

CVE Published

Jan 07, 2026 - 21:15 nvd

HIGH 7.1

DescriptionNVD

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads to an agents file context and file search. An authenticated attacker with access to the agent ID can change the behavior of arbitrary agents by uploading new files to the file context or file search, even if they have no permissions for this agent. This issue is fixed in version 0.8.2-rc2.

AnalysisAI

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads to an agents file context and file search. [CVSS 7.1 HIGH]

Technical ContextAI

Classified as CWE-284 (Improper Access Control). Affects Librechat. LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads to an agents file context and file search. An authenticated attacker with access to the agent ID can change the behavior of arbitrary agents by uploading new files to the file context or file search, even if they have no permissions for this agent. This issue is fixed in version 0.8.2-rc2.

RemediationAI

A vendor patch is available — apply it immediately. Fixed in version 0.8.2. Validate file types by content. Store uploads outside web root. Restrict network access to the affected service where possible.

CVE-2025-69220 vulnerability details – vuln.today

Back