CVE-2025-7105

Name of the Vulnerable Software and Affected Versions librechat (affected versions not specified)

Description A flaw exists in danny-avila/librechat that allows attackers to exploit the unrestricted Fork Function. The vulnerable function is located at the /api/convos/fork endpoint. By rapidly forking numerous contents, an attacker can cause a denial of service. Specifically, forking content containing a Mermaid graph with a large number of nodes can lead to a JavaScript heap out of memory error when the service is restarted. The fork function allows uncontrolled forking of content.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.