CVE-2025-69221: LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control when que
medium · vulnerability · LLM-Specific
security
Summary
LibreChat version 0.8.1-rc2 has an access control vulnerability: an authenticated attacker (any user who has logged in) can read the permissions of any agent (a predefined AI assistant with specific instructions), even an agent they should not have access to. An attacker who knows an agent's ID number can view the permissions that other users have been granted for that agent.
Solution / Mitigation
This issue is fixed in version 0.8.2-rc2.
Vulnerability Details
CVSS Score
4.3 (medium)
EPSS (30-day exploit probability)
EPSS: 0.0%
Classification
Attack Sophistication: Moderate
Impact (CIA+S)
confidentiality
AI Component Targeted: API
Affected Vendors
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-69221
First tracked: February 15, 2026 at 08:50 PM
Classified by LLM (prompt v3) · confidence: 85%