Description

LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint allows reading arbitrary chats directly from the Meilisearch engine. The endpoint /api/search/test allows for direct access to stored chats in the Meilisearch engine without proper access control. This results in the ability to read chats from arbitrary users. This issue is fixed in version 0.7.7.

INFO

Published Date :

2025-08-05T04:53:08.166Z

Last Modified :

2025-08-05T16:19:02.005Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-54868 vulnerability.

Vendors Products
Librechat
  • Librechat
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-54868.

URL Resource
https://github.com/danny-avila/LibreChat/commit/0e8041bcac616949c42a68dfb8f108ccc4db5151 cve-icon cve-icon
https://github.com/danny-avila/LibreChat/security/advisories/GHSA-p5j8-m4wh-ffmw cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact