CVE-2025-41258

Name of the Vulnerable Software and Affected Versions LibreChat version 0.8.1-rc2

Description LibreChat version 0.8.1-rc2 utilizes the same JWT secret for both the user session mechanism and the RAG API, which compromises the service-level authentication of the RAG API. This shared secret creates a security issue where authentication for the RAG API is vulnerable due to the reuse of the JWT secret. The RAG API is an endpoint used for Retrieval-Augmented Generation, a technique used to enhance the capabilities of large language models. JWT (JSON Web Token) is a standard for securely transmitting information between parties as a JSON object.

Recommendations Update to a newer version that contains a fix for this vulnerability.