{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-41258", "assignerOrgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "state": "PUBLISHED", "assignerShortName": "sba-research", "dateReserved": "2025-04-16T09:37:50.631Z", "datePublished": "2026-03-18T11:08:19.866Z", "dateUpdated": "2026-03-18T14:19:49.089Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "shortName": "sba-research", "dateUpdated": "2026-03-18T11:08:19.866Z"}, "title": "LibreChat RAG API Authentication Bypass", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "type": "CWE"}]}], "affected": [{"vendor": "danny-avila", "product": "LibreChat", "repo": "https://github.com/danny-avila/LibreChat", "versions": [{"status": "affected", "version": "0.8.1-rc2"}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<div>LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API.</div>"}]}], "references": [{"url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20251205-01_LibreChat_RAG_API_Authentication_Bypass", "tags": ["third-party-advisory"]}, {"url": "https://github.com/danny-avila/LibreChat", "tags": ["product"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "credits": [{"lang": "en", "value": "Lisa Gnedt (SBA Research)", "type": "finder"}, {"lang": "en", "value": "Michael Koppmann (SBA Research)", "type": "finder"}], "source": {"advisory": "SBA-ADV-20251205-01", "discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-18T14:19:38.492927Z", "id": "CVE-2025-41258", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T14:19:49.089Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-41258", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-18T14:19:38.492927Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T14:19:43.810Z"}}], "cna": {"title": "LibreChat RAG API Authentication Bypass", "source": {"advisory": "SBA-ADV-20251205-01", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Lisa Gnedt (SBA Research)"}, {"lang": "en", "type": "finder", "value": "Michael Koppmann (SBA Research)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/danny-avila/LibreChat", "vendor": "danny-avila", "product": "LibreChat", "versions": [{"status": "affected", "version": "0.8.1-rc2"}], "defaultStatus": "unknown"}], "references": [{"url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20251205-01_LibreChat_RAG_API_Authentication_Bypass", "tags": ["third-party-advisory"]}, {"url": "https://github.com/danny-avila/LibreChat", "tags": ["product"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API.", "supportingMedia": [{"type": "text/html", "value": "<div>LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API.</div>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "shortName": "sba-research", "dateUpdated": "2026-03-18T11:08:19.866Z"}}}, "cveMetadata": {"cveId": "CVE-2025-41258", "state": "PUBLISHED", "dateUpdated": "2026-03-18T14:19:49.089Z", "dateReserved": "2025-04-16T09:37:50.631Z", "assignerOrgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "datePublished": "2026-03-18T11:08:19.866Z", "assignerShortName": "sba-research"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:librechat:librechat:0.8.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "EF5CED68-4B6B-4E56-A41E-92DC7E7DD94D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API."}, {"lang": "es", "value": "La versi\u00f3n 0.8.1-rc2 de LibreChat utiliza el mismo secreto JWT para el mecanismo de sesi\u00f3n de usuario y la API RAG, lo que compromete la autenticaci\u00f3n a nivel de servicio de la API RAG."}], "id": "CVE-2025-41258", "lastModified": "2026-03-24T18:41:38.697", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "type": "Secondary"}]}, "published": "2026-03-18T12:16:18.713", "references": [{"source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "tags": ["Product"], "url": "https://github.com/danny-avila/LibreChat"}, {"source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20251205-01_LibreChat_RAG_API_Authentication_Bypass"}], "sourceIdentifier": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.8.1-rc2"}}], "enrichment": {"confidence": 98.0, "confidence_source": "matching", "scores": [{"score": 98.0, "source": "matching"}]}, "original": {"product": "LibreChat", "source": "cna", "vendor": "danny-avila"}, "product": "libre_chat", "vendor": "danny-avila"}], "analysis": {"en": {"generated_at": "2026-03-24T19:32:11.627734+00:00", "value": {"mitigation_remediation": ["Upgrade LibreChat to a version that separates the JWT secrets for session handling and the RAG API, such as the latest release.", "If an upgrade is not immediately possible, configure the application to use distinct JWT secrets for user sessions and for the RAG API.", "Verify that RAG API requests require a valid, non\u2011shared token and enforce proper authorization checks.", "Monitor API traffic for anomalous authentication attempts and review logs for suspicious activity."], "summary": {"action": "Apply Patch", "impact": "Authentication Bypass"}, "threat_synthesis": {"affected_systems": "The affected product is LibreChat developed by Danny Avila. The vulnerability exists in the 0.8.1\u2011rc2 release. Any deployment that relies on this exact version without a distinct JWT secret configuration is exposed.", "description_and_impact": "LibreChat version 0.8.1\u2011rc2 reuses the same JWT secret for its user sessions and for the Retrieval\u2011Augmented Generation (RAG) API. This design flaw permits an attacker who can obtain or guess a valid session token to craft requests that appear authenticated to the RAG API, effectively bypassing service\u2011level protection. The consequence is unauthorized access to the RAG endpoint, potentially exposing or manipulating sensitive data. The weakness corresponds to improper authorization (CWE\u2011284).", "risk_and_exploitability": "The CVSS base score of 8 indicates high severity. The EPSS score of less than 1% suggests a low probability of active exploitation at present, and the issue is not listed in CISA\u2019s KEV catalog. The likely attack vector is remote access to the RAG API over the network, provided the attacker can obtain or guess a session token. Although the description does not explicitly state the path, this inference is based on the shared JWT usage and typical RAG API exposure. If an attacker succeeds, they could impersonate legitimate users and retrieve or modify data through the RAG endpoint."}}}}, "created": "2026-03-19T08:56:43.939312+00:00", "updated": "2026-03-25T11:52:50.694439+00:00", "vendors": ["danny-avila", "danny-avila$PRODUCT$libre_chat"]}