CVE-2025-41258

Summary

LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API.

Affected Software

VendorProductVersion RangeStatus
danny-avilaLibreChat0.8.1-rc2affected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References