Home > Vulnerability Database > CVE-2025-69221

Mend.io Vulnerability Database

CVE-2025-69221

Good to know:

Date: January 7, 2026

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control when querying agent permissions. An authenticated attacker can read the permissions of arbitrary agents, even if they have no permissions for this agent. LibreChat allows the configuration of agents that have a predefined set of instructions and context. Private agents are not visible to other users. However, if an attacker knows the agent ID, they can read the permissions of the agent including the permissions individually assigned to other users. This issue is fixed in version 0.8.2-rc2.

Severity Score

4.3

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-69221

Url: https://github.com/danny-avila/LibreChat/releases/tag/v0.8.2-rc2

Url: https://github.com/danny-avila/LibreChat/commit/06ba025bd95574c815ac6968454be7d3b024391c

Url: https://github.com/danny-avila/LibreChat/security/advisories/GHSA-5ccx-4r3h-9qc7

Url: https://www.mend.io/vulnerability-database/CVE-2025-69221

Severity Score

4.3

Weakness Type (CWE)

Improper Access Control

CWE-284

Missing Authorization

CWE-862

Top Fix

Upgrade Version

Upgrade to version https://github.com/danny-avila/LibreChat.git - v0.8.2-rc2

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-69221

Good to know:

Date: January 7, 2026

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?