{"data":{"id":"83ae531f-4c36-4e78-8ef2-2f1db6149343","title":"CVE-2025-69220: LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file","summary":"LibreChat version 0.8.1-rc2 has a missing authorization (a failure to check if a user has permission to do something) vulnerability that allows an authenticated attacker to upload files to any agent's file storage if they know the agent's ID, even without proper permissions. This could let attackers change how agents behave by adding malicious files.","solution":"This issue is fixed in version 0.8.2-rc2. Users should update to this version or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-69220","publishedAt":"2026-01-08T02:15:59.547Z","cveId":"CVE-2025-69220","cweIds":["CWE-284","CWE-862","CWE-862"],"cvssScore":"7.1","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["LibreChat"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00033,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-122"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","confidentiality"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}