{"data":{"id":"1b8ba6cc-8259-4630-a276-e78df9ed3bf0","title":"CVE-2025-69221: LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control when\nque","summary":"LibreChat version 0.8.1-rc2 has an access control vulnerability: an authenticated attacker (any logged-in user) can read the permissions of any agent (a predefined AI assistant with specific instructions), even one they have no access to. An attacker who knows an agent's ID can view the permissions that other users have been granted for that agent.","solution":"This issue is fixed in version 0.8.2-rc2.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-69221","publishedAt":"2026-01-08T02:15:59.760Z","cveId":"CVE-2025-69221","cweIds":["CWE-284","CWE-862","CWE-862"],"cvssScore":"4.3","cvssSeverity":"medium","severity":"medium","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["LibreChat"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00028,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-122"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}