LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint allows reading arbitrary chats directly from the Meilisearch engine. The endpoint /api/search/test allows for direct access to stored chats in the Meilisearch engine without proper access control. This results in the ability to read chats from arbitrary users. This issue is fixed in version 0.7.7.
History
Tue, 26 Aug 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:librechat:librechat:*:*:*:*:*:*:*:* |
Tue, 05 Aug 2025 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Librechat, Librechat librechat | |
Vendors & Products | Librechat, Librechat librechat |
Tue, 05 Aug 2025 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc | |
Tue, 05 Aug 2025 05:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint allows reading arbitrary chats directly from the Meilisearch engine. The endpoint /api/search/test allows for direct access to stored chats in the Meilisearch engine without proper access control. This results in the ability to read chats from arbitrary users. This issue is fixed in version 0.7.7. | |
Title | LibreChat exposes arbitrary chats through Meilisearch engine | |
Weaknesses | CWE-285 | |
References | | |
Metrics | cvssV3_1 | |

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-08-05T16:19:02.005Z
Reserved: 2025-07-31T17:23:33.472Z
Link: CVE-2025-54868

Updated: 2025-08-05T16:18:58.193Z

Status : Analyzed
Published: 2025-08-05T05:15:37.950
Modified: 2025-08-26T13:41:36.950
Link: CVE-2025-54868

No data.

Updated: 2025-08-05T21:23:03Z