{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-41258", "assignerOrgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "state": "PUBLISHED", "assignerShortName": "sba-research", "dateReserved": "2025-04-16T09:37:50.631Z", "datePublished": "2026-03-18T11:08:19.866Z", "dateUpdated": "2026-03-18T14:19:49.089Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "shortName": "sba-research", "dateUpdated": "2026-03-18T11:08:19.866Z"}, "title": "LibreChat RAG API Authentication Bypass", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "type": "CWE"}]}], "affected": [{"vendor": "danny-avila", "product": "LibreChat", "repo": "https://github.com/danny-avila/LibreChat", "versions": [{"status": "affected", "version": "0.8.1-rc2"}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<div>LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API.</div>"}]}], "references": [{"url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20251205-01_LibreChat_RAG_API_Authentication_Bypass", "tags": ["third-party-advisory"]}, {"url": "https://github.com/danny-avila/LibreChat", "tags": ["product"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "credits": [{"lang": "en", "value": "Lisa Gnedt (SBA Research)", "type": "finder"}, {"lang": "en", "value": "Michael Koppmann (SBA Research)", "type": "finder"}], "source": {"advisory": "SBA-ADV-20251205-01", "discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-18T14:19:38.492927Z", "id": "CVE-2025-41258", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T14:19:49.089Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-41258", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-18T14:19:38.492927Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T14:19:43.810Z"}}], "cna": {"title": "LibreChat RAG API Authentication Bypass", "source": {"advisory": "SBA-ADV-20251205-01", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Lisa Gnedt (SBA Research)"}, {"lang": "en", "type": "finder", "value": "Michael Koppmann (SBA Research)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/danny-avila/LibreChat", "vendor": "danny-avila", "product": "LibreChat", "versions": [{"status": "affected", "version": "0.8.1-rc2"}], "defaultStatus": "unknown"}], "references": [{"url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20251205-01_LibreChat_RAG_API_Authentication_Bypass", "tags": ["third-party-advisory"]}, {"url": "https://github.com/danny-avila/LibreChat", "tags": ["product"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API.", "supportingMedia": [{"type": "text/html", "value": "<div>LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API.</div>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "shortName": "sba-research", "dateUpdated": "2026-03-18T11:08:19.866Z"}}}, "cveMetadata": {"cveId": "CVE-2025-41258", "state": "PUBLISHED", "dateUpdated": "2026-03-18T14:19:49.089Z", "dateReserved": "2025-04-16T09:37:50.631Z", "assignerOrgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "datePublished": "2026-03-18T11:08:19.866Z", "assignerShortName": "sba-research"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:librechat:librechat:0.8.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "EF5CED68-4B6B-4E56-A41E-92DC7E7DD94D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API."}, {"lang": "es", "value": "La versi\u00f3n 0.8.1-rc2 de LibreChat utiliza el mismo secreto JWT para el mecanismo de sesi\u00f3n de usuario y la API RAG, lo que compromete la autenticaci\u00f3n a nivel de servicio de la API RAG."}], "id": "CVE-2025-41258", "lastModified": "2026-03-24T18:41:38.697", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "type": "Secondary"}]}, "published": "2026-03-18T12:16:18.713", "references": [{"source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "tags": ["Product"], "url": "https://github.com/danny-avila/LibreChat"}, {"source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20251205-01_LibreChat_RAG_API_Authentication_Bypass"}], "sourceIdentifier": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.8.1-rc2"}}], "enrichment": {"confidence": 98.0, "confidence_source": "matching", "scores": [{"score": 98.0, "source": "matching"}]}, "original": {"product": "LibreChat", "source": "cna", "vendor": "danny-avila"}, "product": "libre_chat", "vendor": "danny-avila"}], "analysis": {"en": {"generated_at": "2026-03-18T12:50:33.838868+00:00", "value": {"mitigation_remediation": ["Separate the JWT secret used for user sessions from the one used for the RAG API; implement distinct secrets.", "If a separate secret cannot be applied immediately, rotate the shared JWT secret and enforce its use only for the RAG API after disabling the shared mechanism.", "Restrict direct network access to the RAG API endpoint with firewall or API gateway rules to limit exposure to trusted networks.", "Monitor logs for unauthorized JWT usage and implement rate limiting on RAG API endpoints."], "summary": {"action": "Patch", "impact": "Unauthorized RAG API Access"}, "threat_synthesis": {"affected_systems": "The only documented vulnerable release is danny-avila:LibreChat version 0.8.1-rc2. No other releases are currently known to use the shared secret configuration, but any additional version that retains the same key configuration may likewise be vulnerable until corrected.", "description_and_impact": "LibreChat version 0.8.1-rc2 uses the same JWT secret for both user session authentication and the Retrieval\u2011Augmented Generation (RAG) API. This design flaw violates the principle of least privilege and is a direct implementation of CWE-284 (Incorrect Access Control). Because the same cryptographic key validates both the user session and the RAG API request, an attacker that can generate a valid JWT signed with that shared secret can authenticate to the RAG API without being a legitimate user or with elevated privileges. The vulnerability therefore enables unauthorized access to the RAG API endpoints, which could expose private data or allow unintended operations.", "risk_and_exploitability": "CVSS score is 8.0, indicating a high severity flaw. EPSS score is not provided, and the vulnerability is not listed in CISA\u2019s KEV catalog. Based on the description, it is inferred that an attacker must obtain the shared JWT secret to forge a token; if the secret is exposed through misconfiguration or insecure storage, forging a token is straightforward. The risk level is high because the flaw directly bypasses service\u2011level authentication with no additional defensive checks. Organizations should assess whether their LibreChat deployment is affected and apply mitigating measures as soon as possible."}}}}, "created": "2026-03-19T08:56:43.939312+00:00", "updated": "2026-03-24T10:58:51.956702+00:00", "vendors": ["danny-avila", "danny-avila$PRODUCT$libre_chat"]}