CVE-2025-41258

Published: Mar 18, 2026 Last Modified: Mar 18, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,0

Source: 1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a

Attack Vector: adjacent_network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: high

Description

AI Translation Available

LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API.

284

Improper Access Control

Incomplete

Abstraction: Pillar Structure: Simple

Common Consequences

Security Scopes Affected:

Other

Potential Impacts:

Varies By Context

Applicable Platforms

Technologies: ICS/OT, Not Technology-Specific, Web Based

View CWE Details

https://github.com/danny-avila/LibreChat

https://github.com/sbaresearch/advisories/tree/public/2025/…

https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20251205-01_…

CVE-2025-41258

Description

Improper Access Control

Common Consequences

Applicable Platforms

Iscriviti alla newsletter