CVE-2025-41258

CVSS v3.1

8.0

High

AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2025-41258

Affected Products

Librechat

CVE-2025-41258

Weakness Enumeration

Related Identifiers

Affected Products

References · 3