PT-2025-39160 · Librechat · Librechat

Published

2025-09-23

·

Updated

2025-09-23

·

CVE-2025-7106

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions

librechat versions prior to the fix

Description

An authorization bypass exists due to an incorrect access control check. The checkAccess function in api/server/middleware/roles/access.js validates permissions with permissions.some(), which grants access as soon as any one of the required permissions is present rather than requiring all of them. A user with the 'USER' role can therefore perform actions such as creating agents even when that specific permission is explicitly denied (CREATE: false), as long as another of the checked permissions is granted. The same flaw affects other permission checks, including those for PROMPTS. The vulnerable function is checkAccess. The vulnerable parameter is permissions.

Recommendations

Update to a version of librechat that addresses this authorization bypass.
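The following is an added illustration written for this page, not LibreChat's own code: a minimal reconstruction of the flawed check described above beside a corrected version, so the bypass and its fix can be reproduced offline with Node.js. The role table layout (role -> permission type -> { PERMISSION: boolean }), the permission names USE and SHARED_GLOBAL, and the guard() wrapper are assumptions of the example; checkAccess, permissions, CREATE, AGENTS, PROMPTS and the 'USER' role come from the advisory.

```javascript
// Added example for this advisory: reconstruction of the checkAccess flaw next
// to a corrected version. Not LibreChat's code. The role table shape, the
// permission names USE / SHARED_GLOBAL and guard() are assumptions made here;
// CREATE, AGENTS, PROMPTS and the 'USER' role are taken from the advisory.

// Constructed sample role configuration. USER may use agents and prompts but
// is explicitly denied creating or globally sharing them (CREATE: false).
const ROLES = {
  ADMIN: {
    AGENTS:  { USE: true, CREATE: true, SHARED_GLOBAL: true },
    PROMPTS: { USE: true, CREATE: true, SHARED_GLOBAL: true },
  },
  USER: {
    AGENTS:  { USE: true, CREATE: false, SHARED_GLOBAL: false },
    PROMPTS: { USE: true, CREATE: false, SHARED_GLOBAL: false },
  },
};

// Vulnerable pattern: Array.prototype.some() returns true as soon as ANY of the
// listed permissions is granted. A route that requires both USE and CREATE is
// therefore opened to anyone who merely has USE.
function checkAccessVulnerable(roleName, permissionType, permissions) {
  const granted = ROLES[roleName] && ROLES[roleName][permissionType];
  if (!granted) return false;
  return permissions.some((permission) => granted[permission] === true);
}

// Corrected pattern: every listed permission must be granted, and an empty
// requirement list fails closed (every() on [] is vacuously true, so it has to
// be rejected explicitly instead of being read as "no permission needed").
function checkAccessFixed(roleName, permissionType, permissions) {
  if (!Array.isArray(permissions) || permissions.length === 0) return false;
  const granted = ROLES[roleName] && ROLES[roleName][permissionType];
  if (!granted) return false;
  return permissions.every((permission) => granted[permission] === true);
}

// Minimal Express-style middleware wrapper so both checks can be compared on
// the same simulated request. req.user.role is assumed to have been set by an
// upstream authentication step; the request object is constructed inline.
function guard(checkFn, permissionType, permissions) {
  return (req) =>
    checkFn(req.user.role, permissionType, permissions) ? 200 : 403;
}

// Reproduce the bypass: a USER creating an agent or prompt needs USE and CREATE.
function demo() {
  const req = { user: { role: 'USER' }, body: { name: 'my-agent' } };
  const required = ['USE', 'CREATE'];
  return {
    vulnerable: guard(checkAccessVulnerable, 'AGENTS', required)(req),
    fixed: guard(checkAccessFixed, 'AGENTS', required)(req),
    promptsVulnerable: guard(checkAccessVulnerable, 'PROMPTS', required)(req),
    promptsFixed: guard(checkAccessFixed, 'PROMPTS', required)(req),
  };
}

console.log(demo()); // { vulnerable: 200, fixed: 403, promptsVulnerable: 200, promptsFixed: 403 }
```

Run with `node access-example.js`. The vulnerable variant returns 200 for a USER whose CREATE permission is false, because USE alone satisfies some(); the corrected variant returns 403. When auditing a fork or a similar role middleware, the check to make is whether any authorization path decides with some() over a list of permissions that are all required, and whether an empty requirement list can reach the handler.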

Fix

Improper Access Control

IDOR

Weakness Enumeration

Related Identifiers

CVE-2025-7106

Affected Products

Librechat