CVE-2025-69221 – LibreChat version 0.8.1-rc2 has an improper acc... (How to Fix)

Q: What is the severity of CVE-2025-69221?

CVE-2025-69221 has a CVSS score of 4.3 (MEDIUM). LibreChat version 0.8.1-rc2 has an improper access control vulnerability where authenticated users can read permissions of arbitrary agents by knowing their agent IDs. This allows attackers to view private agent permissions including individual user assignments. All LibreChat instances running the vulnerable version are affected.

📋 TL;DR

LibreChat version 0.8.1-rc2 has an improper access control vulnerability where authenticated users can read permissions of arbitrary agents by knowing their agent IDs. This allows attackers to view private agent permissions including individual user assignments. All LibreChat instances running the vulnerable version are affected.

💻 Affected Systems

Products:

LibreChat

Versions: Version 0.8.1-rc2

Operating Systems: All platforms running LibreChat

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects instances with agent functionality enabled. Requires authenticated user access.

📦 What is this software?

Librechat by Librechat

View all CVEs affecting Librechat →

Librechat by Librechat

View all CVEs affecting Librechat →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could map all agent permissions across the system, potentially identifying sensitive agents and their authorized users for targeted attacks.

🟠

Likely Case

Information disclosure of agent permission structures, revealing which users have access to specific private agents.

🟢

If Mitigated

Minimal impact with proper network segmentation and monitoring, though information leakage still occurs.

🌐 Internet-Facing: MEDIUM - Requires authentication but exposes internal permission structures to potential attackers.

🏢 Internal Only: MEDIUM - Insider threats or compromised accounts could map agent permissions for lateral movement.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW - Simple API request with known agent ID.

Exploitation requires authenticated access and knowledge of agent IDs.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.8.2-rc2

Vendor Advisory: https://github.com/danny-avila/LibreChat/security/advisories/GHSA-5ccx-4r3h-9qc7

Restart Required: Yes

Instructions:

1. Backup current installation. 2. Update to version 0.8.2-rc2 via git pull or package update. 3. Restart LibreChat service. 4. Verify fix by testing agent permission queries.

🔧 Temporary Workarounds

Disable agent functionality

all

Temporarily disable agent features if not required

Modify LibreChat configuration to disable agent endpoints

Implement API gateway filtering

all

Add WAF or reverse proxy rules to block unauthorized agent permission queries

Configure rules to validate user permissions before agent API requests

🧯 If You Can't Patch

Implement strict network segmentation to limit access to LibreChat instance
Enable detailed logging of all agent permission queries and monitor for suspicious patterns

🔍 How to Verify

Check if Vulnerable:

Check if running version 0.8.1-rc2. Attempt to query agent permissions for agents you don't have access to.

Check Version:

Check package.json or git tag for version information

Verify Fix Applied:

After updating to 0.8.2-rc2, verify that unauthorized agent permission queries return proper access denied errors.

📡 Detection & Monitoring

Log Indicators:

Multiple failed or successful agent permission queries from single user
Agent permission queries for non-accessible agent IDs

Network Indicators:

Unusual pattern of GET requests to /api/agents/*/permissions endpoints

SIEM Query:

source="librechat" AND (uri_path="/api/agents/*/permissions" AND response_code=200) | stats count by user, agent_id

📊 Metadata

CVE ID: CVE-2025-69221

CVSS v3 Score: 4.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE: CWE-284

EPSS Score: 0.03% exploit probability (7.3th percentile)

Published: January 7, 2026

Last Updated: January 15, 2026

🔗 References

https://github.com/danny-avila/LibreChat/commit/06ba025bd95574c815ac6968454be7d3b024391c Patch
https://github.com/danny-avila/LibreChat/releases/tag/v0.8.2-rc2 Release Notes
https://github.com/danny-avila/LibreChat/security/advisories/GHSA-5ccx-4r3h-9qc7 Exploit,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-69221, you might also want to check these: