{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-7105", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2025-07-05T18:47:52.748Z", "datePublished": "2026-02-02T10:36:24.368Z", "dateUpdated": "2026-02-02T13:19:12.269Z"}, "containers": {"cna": {"title": "Denial of Service via JavaScript Memory Overflow in danny-avila/librechat", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2026-02-02T10:36:24.368Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in danny-avila/librechat allows attackers to exploit the unrestricted Fork Function in `/api/convos/fork` to fork numerous contents rapidly. If the forked content includes a Mermaid graph with a large number of nodes, it can lead to a JavaScript heap out of memory error upon service restart, causing a denial of service. This issue affects the latest version of the product."}], "affected": [{"vendor": "danny-avila", "product": "danny-avila/librechat", "versions": [{"version": "unspecified", "lessThan": "v0.7.9", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/e44f0740-48bd-443b-8826-528e6afe9e34"}, {"url": "https://github.com/danny-avila/librechat/commit/97a99985fa339db0a21ad63604e0bb8db4442ffc"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "baseScore": 5.7, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-400 Uncontrolled Resource Consumption", "cweId": "CWE-400"}]}], "source": {"advisory": "e44f0740-48bd-443b-8826-528e6afe9e34", "discovery": "EXTERNAL"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-02T13:15:42.711798Z", "id": "CVE-2025-7105", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-02T13:19:12.269Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-7105", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-02T13:15:42.711798Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-02T13:15:53.237Z"}}], "cna": {"title": "Denial of Service via JavaScript Memory Overflow in danny-avila/librechat", "source": {"advisory": "e44f0740-48bd-443b-8826-528e6afe9e34", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "danny-avila", "product": "danny-avila/librechat", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "v0.7.9", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/e44f0740-48bd-443b-8826-528e6afe9e34"}, {"url": "https://github.com/danny-avila/librechat/commit/97a99985fa339db0a21ad63604e0bb8db4442ffc"}], "descriptions": [{"lang": "en", "value": "A vulnerability in danny-avila/librechat allows attackers to exploit the unrestricted Fork Function in `/api/convos/fork` to fork numerous contents rapidly. If the forked content includes a Mermaid graph with a large number of nodes, it can lead to a JavaScript heap out of memory error upon service restart, causing a denial of service. This issue affects the latest version of the product."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2026-02-02T10:36:24.368Z"}}}, "cveMetadata": {"cveId": "CVE-2025-7105", "state": "PUBLISHED", "dateUpdated": "2026-02-02T13:19:12.269Z", "dateReserved": "2025-07-05T18:47:52.748Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2026-02-02T10:36:24.368Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in danny-avila/librechat allows attackers to exploit the unrestricted Fork Function in `/api/convos/fork` to fork numerous contents rapidly. If the forked content includes a Mermaid graph with a large number of nodes, it can lead to a JavaScript heap out of memory error upon service restart, causing a denial of service. This issue affects the latest version of the product."}, {"lang": "es", "value": "Una vulnerabilidad en danny-avila/librechat permite a los atacantes explotar la funci\u00f3n Fork sin restricciones en /api/convos/fork para bifurcar numerosos contenidos r\u00e1pidamente. Si el contenido bifurcado incluye un gr\u00e1fico Mermaid con un gran n\u00famero de nodos, puede provocar un error de agotamiento de memoria del heap de JavaScript al reiniciar el servicio, causando una denegaci\u00f3n de servicio. Este problema afecta a la \u00faltima versi\u00f3n del producto."}], "id": "CVE-2025-7105", "lastModified": "2026-04-15T14:34:27.800", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "security@huntr.dev", "type": "Secondary"}]}, "published": "2026-02-02T11:16:17.340", "references": [{"source": "security@huntr.dev", "url": "https://github.com/danny-avila/librechat/commit/97a99985fa339db0a21ad63604e0bb8db4442ffc"}, {"source": "security@huntr.dev", "url": "https://huntr.com/bounties/e44f0740-48bd-443b-8826-528e6afe9e34"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "security@huntr.dev", "type": "Primary"}]}

{}

{"created": "2026-02-04T12:45:01.868543+00:00", "updated": "2026-02-04T12:45:01.868615+00:00", "vendors": ["librechat", "librechat$PRODUCT$librechat"]}