PT-2025-12039 · Librechat · Librechat

Published: 2025-03-20 · Updated: 2025-03-20 · CVE-2024-10363

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

danny-avila/LibreChat version 0.7.5

Description

The issue is related to improper access control, allowing users to share, use, and create prompts without permission from the admin. This can lead to unauthorized actions and break application logic and permissions.

Recommendations

For version 0.7.5, consider restricting user permissions to create, share, and use prompts until a proper access control mechanism is implemented to require admin permission for these actions.


Weakness Enumeration

Improper Access Control

Missing Authorization

Related Identifiers

CVE-2024-10363

Affected Products

Librechat