CVE-2025-54868
📋 TL;DR
LibreChat versions 0.0.6 through 0.7.7-rc1 expose a testing endpoint (/api/search/test) that lets an unauthenticated caller read arbitrary users' chats from the Meilisearch index. An attacker who can reach the API can therefore view private conversations without logging in. Every reachable instance running an affected version with the Meilisearch search integration enabled is exposed.
💻 Affected Systems
- LibreChat
📦 What is this software?
LibreChat (github.com/danny-avila/LibreChat), an open-source AI chat web application that indexes conversations in Meilisearch for full-text search.
⚠️ Risk & Real-World Impact
Worst Case
Mass exfiltration of all user chat histories, leading to privacy violations, data breaches, and potential exposure of sensitive information.
Likely Case
Unauthenticated reading of other users' chats (whatever the search index returns to the request), compromising user privacy and potentially exposing confidential conversations.
If Mitigated
No impact if proper access controls are implemented or the vulnerable endpoint is disabled.
🎯 Exploit Status
A single unauthenticated HTTP GET to /api/search/test returns chat data; no credentials, special tooling, or memory-corruption primitives are needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.7.7
Vendor Advisory: https://github.com/danny-avila/LibreChat/security/advisories/GHSA-p5j8-m4wh-ffmw
Restart Required: Yes
Instructions:
1. Update LibreChat to version 0.7.7 or later.
2. Restart the LibreChat service.
3. Verify that /api/search/test is no longer accessible: an unauthenticated request should return 404 or an access-denied status.
🔧 Temporary Workarounds
Disable testing endpoint
Linux: Block access to the vulnerable /api/search/test endpoint at the packet filter. The string match only sees plaintext, so the port 443 rule does nothing when TLS terminates on this host, and even the port 80 rule is bypassable (URL-encoded or split paths, HTTP/2 framing). If LibreChat's own port (3080 by default) is reachable directly, add a rule for it as well. Treat this as a stopgap until you can patch.
iptables -A INPUT -p tcp --dport 80 -m string --string '/api/search/test' --algo bm -j DROP
iptables -A INPUT -p tcp --dport 443 -m string --string '/api/search/test' --algo bm -j DROP
Restrict endpoint access
All platforms: Configure the reverse proxy in front of LibreChat to reject the /api/search/test path. This only helps if the proxy is the sole route to the application; if the LibreChat port is reachable directly, firewall it too.
# For nginx: location /api/search/test { deny all; }
# For Apache: <Location /api/search/test> Require all denied </Location>
🧯 If You Can't Patch
- Implement network-level access controls to restrict access to the /api/search/test endpoint
- Disable the Meilisearch integration if search is not required, then re-test the endpoint to confirm it no longer returns data
🔍 How to Verify
Check if Vulnerable:
Send an unauthenticated HTTP GET to /api/search/test (no session cookie or Authorization header) and check whether it returns HTTP 200 with chat data. Only do this against instances you are authorised to test: a successful request reads real user conversations.
Check Version:
Check the LibreChat version in the web interface or configuration files (for example the version field in the installed package.json, or the container image tag for Docker deployments).
Verify Fix Applied:
Attempt to access /api/search/test endpoint after patching - should return 404 or access denied.
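The check above, as an added example (not LibreChat's own code): it sends one unauthenticated GET and classifies the answer. It assumes only what this advisory states, that an affected instance answers with HTTP 200 and chat data while a patched one answers 404 or access denied. The JSON shape it looks for (a list of records, or an object containing one, with message-like field names) is an assumption, not LibreChat's schema.

```python
"""Probe a LibreChat instance for CVE-2025-54868 (unauthenticated /api/search/test)."""
import json
import sys
import urllib.error
import urllib.request

ENDPOINT = "/api/search/test"
# Field names that suggest message/conversation records came back. Assumed,
# not taken from LibreChat's data model; adjust for your instance.
CHAT_FIELDS = {"text", "conversationId", "messageId"}


def _records(data):
    """Return the list of records in a JSON body, whether it is a bare list or wrapped in an object."""
    if isinstance(data, list):
        return data
    if isinstance(data, dict):
        for value in data.values():
            if isinstance(value, list):
                return value
    return []


def classify(status: int, body: bytes) -> str:
    """Map an HTTP status and body to a verdict string."""
    if status in (401, 403):
        return "NOT_EXPOSED"  # authentication/authorisation is enforced
    if status == 404:
        return "NOT_EXPOSED"  # route removed, the expected state after patching
    if status != 200:
        return f"INCONCLUSIVE (HTTP {status})"
    try:
        data = json.loads(body)
    except ValueError:
        return "INCONCLUSIVE (200 but non-JSON body)"
    records = _records(data)
    if any(CHAT_FIELDS & set(r) for r in records if isinstance(r, dict)):
        return f"VULNERABLE ({len(records)} record(s) returned without auth)"
    return "INCONCLUSIVE (200 with JSON but no message-like records)"


def probe(base_url: str, timeout: float = 10.0) -> str:
    """Send a single unauthenticated GET (no Cookie or Authorization header) and classify it."""
    url = base_url.rstrip("/") + ENDPOINT
    req = urllib.request.Request(url, headers={"User-Agent": "cve-2025-54868-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        # 4xx/5xx raise; the status and body are still what we want to classify
        return classify(err.code, err.read())


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit(f"usage: {sys.argv[0]} https://librechat.example.org")
    print(probe(sys.argv[1]))
```

Run it against the base URL of your deployment; anything other than NOT_EXPOSED on an affected version means the endpoint is reachable and needs the patch or a workaround before you rely on it.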
📡 Detection & Monitoring
Log Indicators:
- HTTP requests to /api/search/test endpoint
- Unusual access patterns to search endpoints
- Unauthorized access attempts to chat data
Network Indicators:
- HTTP GET requests to /api/search/test path
- Traffic to the Meilisearch port (7700 by default) from anything other than the LibreChat API server; Meilisearch should never be reachable directly from clients
SIEM Query:
source="web_server" AND uri_path="/api/search/test*" AND status=200
Adjust field names to your schema. Match on the path alone; OR-ing in user-agent matches such as "*curl*" or "*wget*" would flag every scripted request to the site and bury the real hits. A 200 on this path is a successful read, not just a probe.
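The log indicators above, turned into a detection that runs over web-server access logs. This is an added example, not part of the advisory or of LibreChat: it parses combined-format lines (the sample lines below are constructed, not real traffic) and rates each hit on /api/search/test, treating a 200 with a non-empty body as data actually served rather than a probe that was blocked.

```python
"""Flag CVE-2025-54868 probing and successful reads in nginx/Apache combined-format access logs."""
import re
from collections import defaultdict

# combined format: ip - user [time] "METHOD path proto" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "[^"]*" "(?P<ua>[^"]*)"'
)
TARGET = "/api/search/test"


def parse(line: str):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    return rec


def is_target(path: str) -> bool:
    """True for the vulnerable route with or without a query string, not for e.g. /api/search/testing."""
    base = path.split("?", 1)[0]
    return base == TARGET or base.startswith(TARGET + "/")


def analyze(lines):
    """Return (events, summary): flagged requests plus per-IP counts of attempts and successful reads."""
    events = []
    summary = defaultdict(lambda: {"attempts": 0, "data_served": 0})
    for line in lines:
        rec = parse(line)
        if rec is None or not is_target(rec["path"]):
            continue
        served = rec["status"] == 200 and rec["bytes"] > 0
        rec["severity"] = "HIGH" if served else "MEDIUM"  # HIGH = chat data left the server
        events.append(rec)
        summary[rec["ip"]]["attempts"] += 1
        if served:
            summary[rec["ip"]]["data_served"] += 1
    return events, dict(summary)


# Constructed sample lines (not real traffic). Paths other than the target are arbitrary.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Aug/2025:12:00:01 +0000] "GET /api/search/test HTTP/1.1" 200 48213 "-" "curl/8.5.0"',
    '203.0.113.7 - - [10/Aug/2025:12:00:02 +0000] "GET /api/search/test?q=invoice HTTP/1.1" 200 9120 "-" "curl/8.5.0"',
    '198.51.100.3 - - [10/Aug/2025:12:05:10 +0000] "GET /api/search/test HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Aug/2025:12:06:00 +0000] "GET /api/search/testing HTTP/1.1" 404 153 "-" "curl/8.5.0"',
    '192.0.2.9 - - [10/Aug/2025:12:06:30 +0000] "GET /api/user HTTP/1.1" 200 17 "-" "Mozilla/5.0"',
    "garbage line that does not parse",
]

if __name__ == "__main__":
    found, per_ip = analyze(SAMPLE_LOG)
    for e in found:
        print(f'{e["severity"]:6} {e["ip"]:15} {e["status"]} {e["bytes"]:>6}B {e["path"]} ua={e["ua"]}')
    for ip, counts in per_ip.items():
        print(ip, counts)
```

Feed it your real access log (one line per list element, or adapt `analyze` to read a file) and treat any HIGH event as confirmed exposure of chat data to that source address; MEDIUM events after patching are probes that were correctly refused and are still worth watching for repeat sources.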