{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-41258","assignerOrgId":"1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a","state":"PUBLISHED","assignerShortName":"sba-research","dateReserved":"2025-04-16T09:37:50.631Z","datePublished":"2026-03-18T11:08:19.866Z","dateUpdated":"2026-03-18T14:19:49.089Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a","shortName":"sba-research","dateUpdated":"2026-03-18T11:08:19.866Z"},"title":"LibreChat RAG API Authentication Bypass","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-284","description":"CWE-284 Improper Access Control","type":"CWE"}]}],"affected":[{"vendor":"danny-avila","product":"LibreChat","repo":"https://github.com/danny-avila/LibreChat","versions":[{"status":"affected","version":"0.8.1-rc2"}],"defaultStatus":"unknown"}],"descriptions":[{"lang":"en","value":"LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and the RAG API, which compromises the service-level authentication of the RAG API.","supportingMedia":[{"type":"text/html","base64":false,"value":"<div>LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and the RAG API, which compromises the service-level authentication of the RAG API.</div>"}]}],"references":[{"url":"https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20251205-01_LibreChat_RAG_API_Authentication_Bypass","tags":["third-party-advisory"]},{"url":"https://github.com/danny-avila/LibreChat","tags":["product"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseSeverity":"HIGH","baseScore":8,"vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}],"credits":[{"lang":"en","value":"Lisa Gnedt (SBA Research)","type":"finder"},{"lang":"en","value":"Michael Koppmann (SBA Research)","type":"finder"}],"source":{"advisory":"SBA-ADV-20251205-01","discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 1.0.1"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-03-18T14:19:38.492927Z","id":"CVE-2025-41258","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-03-18T14:19:49.089Z"}}]}}