Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-69220

Good to know:

icon
icon

Date: January 7, 2026

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads to an agents file context and file search. An authenticated attacker with access to the agent ID can change the behavior of arbitrary agents by uploading new files to the file context or file search, even if they have no permissions for this agent. This issue is fixed in version 0.8.2-rc2.

Severity Score

Related Resources (10)

https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/05-Authorization_Testing/02-Testing_for_Bypassing_Authorization_Schema.html
https://github.com/danny-avila/LibreChat/security/advisories/GHSA-xcmf-rpmh-hg59
https://nvd.nist.gov/vuln/detail/CVE-2025-69220
https://raw.githubusercontent.com/OWASP/ASVS/v5.0.0/5.0/OWASP_Application_Security_Verification_Standard_5.0.0_en.pdf
https://github.com/danny-avila/LibreChat/releases/tag/v0.8.2-rc2
https://owasp.org/Top10/A01_2021-Broken_Access_Control
https://cwe.mitre.org/data/definitions/862.html
https://github.com/danny-avila/LibreChat/commit/4b9c6ab1cb9de626736de700c7981f38be08d237
https://cwe.mitre.org/data/definitions/284.html
https://www.mend.io/vulnerability-database/CVE-2025-69220

Severity Score

Weakness Type (CWE)

Improper Access Control

CWE-284

Missing Authorization

CWE-862

Top Fix

icon

Upgrade Version

Upgrade to version https://github.com/danny-avila/LibreChat.git - v0.8.2-rc2

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): NONE
Integrity (I): HIGH
Availability (A): LOW

Do you need more information?

Contact Us