CVE-2025-8849
📋 TL;DR
LibreChat 0.7.9 is vulnerable to denial of service attacks through the /api/memories endpoint. Attackers can submit arbitrarily large 'key' or 'value' parameters, causing null pointer errors in the Rust backend that prevent memory creation functionality. This affects all LibreChat deployments running the vulnerable version.
💻 Affected Systems
- LibreChat
📦 What is this software?
Librechat by Librechat
⚠️ Risk & Real-World Impact
Worst Case
Complete service disruption where the memory creation functionality becomes unavailable, potentially affecting other dependent features and requiring service restart.
Likely Case
Intermittent service degradation where memory creation fails for legitimate users, impacting chat functionality that relies on memory storage.
If Mitigated
No impact if proper input validation is implemented to limit parameter sizes.
🎯 Exploit Status
The vulnerability is simple to exploit with basic HTTP requests containing oversized parameters; proof-of-concept details are available in the public references.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in commit edf33bedcbb08c33e59df76f06454ed7efd896f9
Vendor Advisory: https://github.com/danny-avila/librechat/commit/edf33bedcbb08c33e59df76f06454ed7efd896f9
Restart Required: Yes
Instructions:
1. Update LibreChat to the latest version containing the fix commit.
2. Restart the LibreChat service.
3. Verify the fix by testing the /api/memories endpoint with large parameter values.
🔧 Temporary Workarounds
Web Application Firewall (WAF) Rule
Implement WAF rules to block requests with excessively large parameter values to the /api/memories endpoint.
Rate Limiting
Implement rate limiting on the /api/memories endpoint to reduce the impact of repeated attacks.
🧯 If You Can't Patch
- Implement reverse proxy with request size limits to block oversized requests before they reach LibreChat.
- Monitor logs for unusually large parameter values and implement alerting for potential attack attempts.
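As an added illustration of the input validation this page recommends (this is example code, not LibreChat's own code or its fix commit): a JavaScript guard that rejects oversized key/value parameters before a memory handler runs, returning 413 for size violations and 400 for malformed bodies. The byte limits, the body shape { key, value }, and the function names are assumptions; sizes are measured in UTF-8 bytes so multi-byte characters cannot slip past a byte-based limit.

```javascript
// Added example: parameter-size guard for a JSON body shaped like a
// memory request ({ key, value }). Illustrative only; the limits and
// function names are assumptions, not LibreChat's implementation.

const DEFAULT_LIMITS = {
  keyMaxBytes: 256,          // assumed: a memory key is a short identifier
  valueMaxBytes: 16 * 1024   // assumed: a memory value is a short note
};

// Count UTF-8 bytes rather than UTF-16 code units.
function utf8Length(str) {
  return Buffer.byteLength(str, 'utf8');
}

// Returns { ok: true } or { ok: false, status, error } explaining the
// rejection. Oversized input never reaches the storage layer.
function validateMemoryBody(body, limits = DEFAULT_LIMITS) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return { ok: false, status: 400, error: 'body must be a JSON object' };
  }
  const { key, value } = body;
  if (typeof key !== 'string' || key.length === 0) {
    return { ok: false, status: 400, error: 'key must be a non-empty string' };
  }
  if (typeof value !== 'string') {
    return { ok: false, status: 400, error: 'value must be a string' };
  }
  if (utf8Length(key) > limits.keyMaxBytes) {
    return { ok: false, status: 413, error: `key exceeds ${limits.keyMaxBytes} bytes` };
  }
  if (utf8Length(value) > limits.valueMaxBytes) {
    return { ok: false, status: 413, error: `value exceeds ${limits.valueMaxBytes} bytes` };
  }
  return { ok: true };
}

// Express-style middleware (req, res, next). It only uses
// res.status().json() and next(), so it can sit in front of a handler
// for POST /api/memories; shown here without importing Express.
function memoryBodyGuard(limits = DEFAULT_LIMITS) {
  return function (req, res, next) {
    const result = validateMemoryBody(req.body, limits);
    if (!result.ok) {
      res.status(result.status).json({ error: result.error });
      return;
    }
    next();
  };
}

// Minimal stand-in for an Express response object, used for the demo.
function makeFakeRes() {
  return {
    statusCode: 200,
    payload: null,
    status(code) { this.statusCode = code; return this; },
    json(obj) { this.payload = obj; return this; }
  };
}

// Stand-alone demonstration with constructed requests.
function demo() {
  const guard = memoryBodyGuard();
  const okRes = makeFakeRes();
  guard({ body: { key: 'favorite_color', value: 'blue' } }, okRes, () => console.log('accepted'));
  const bigRes = makeFakeRes();
  guard({ body: { key: 'k', value: 'x'.repeat(20000) } }, bigRes, () => console.log('accepted'));
  console.log(bigRes.statusCode, JSON.stringify(bigRes.payload));
}

demo();
```

A reverse proxy body-size limit in front of the service (as the "If You Can't Patch" list suggests) stops the largest payloads earlier; the per-field check above is the complement, since a request can be small in total but still exceed what a single key or value should hold.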
🔍 How to Verify
Check if Vulnerable:
Send a POST request to /api/memories with 'key' or 'value' parameters containing extremely large strings (e.g., >10MB). If the service becomes unresponsive or returns errors, it's vulnerable.
Check Version:
Check LibreChat version in the application interface or deployment configuration; vulnerable version is 0.7.9.
Verify Fix Applied:
After patching, test with the same oversized parameters; the request should be rejected with appropriate error messages instead of causing service disruption.
📡 Detection & Monitoring
Log Indicators:
- Null pointer exception errors in Rust backend logs
- Unusually large request sizes to /api/memories endpoint
- Failed memory creation attempts
Network Indicators:
- HTTP POST requests to /api/memories with abnormally large payloads
- Increased error rates from the memories endpoint
SIEM Query:
source="librechat.logs" AND ("null pointer" OR "memory creation failed" OR request_size > 10000000)
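The SIEM query above, expressed as a small JavaScript scanner over constructed log lines so the matching logic can be checked offline (added example, not part of this advisory or of LibreChat). The log format (one JSON object per line with method, path, request_size and message fields), the timestamps and the sample content are assumptions; the 10,000,000-byte threshold and the two message patterns come from the query on this page. Malformed lines are counted and skipped rather than aborting the scan.

```javascript
// Added example: scan log lines for the indicators listed on this page.
// The JSON-per-line format and all sample records are constructed.

const SIZE_THRESHOLD = 10000000; // bytes, from the page's SIEM query
const ERROR_PATTERNS = ['null pointer', 'memory creation failed'];

// Constructed sample log: two benign lines, three that match an indicator,
// and one malformed line to exercise the error path.
const SAMPLE_LOG = [
  '{"ts":"2025-08-10T12:00:01Z","method":"POST","path":"/api/memories","request_size":512,"status":201,"message":"memory created"}',
  '{"ts":"2025-08-10T12:00:02Z","method":"GET","path":"/api/messages","request_size":0,"status":200,"message":"ok"}',
  '{"ts":"2025-08-10T12:00:03Z","method":"POST","path":"/api/memories","request_size":15728640,"status":500,"message":"memory creation failed"}',
  '{"ts":"2025-08-10T12:00:04Z","method":"POST","path":"/api/memories","request_size":12000000,"status":500,"message":"null pointer dereference in memory handler"}',
  'this line is not JSON and must be skipped, not crash the scanner',
  '{"ts":"2025-08-10T12:00:05Z","method":"POST","path":"/api/memories","request_size":1024,"status":500,"message":"memory creation failed"}'
].join('\n');

// Names of the indicators one parsed record matches (possibly several).
function indicatorsFor(rec) {
  const hits = [];
  if (rec.path === '/api/memories' && rec.method === 'POST' &&
      Number(rec.request_size) > SIZE_THRESHOLD) {
    hits.push('oversized_request');
  }
  const msg = String(rec.message || '').toLowerCase();
  for (const pattern of ERROR_PATTERNS) {
    if (msg.includes(pattern)) hits.push(pattern.replace(/ /g, '_'));
  }
  return hits;
}

// Scan newline-separated log text. Returns matching records plus a count
// of lines that could not be parsed.
function scanLog(text) {
  const findings = [];
  let malformed = 0;
  for (const line of text.split('\n')) {
    if (!line.trim()) continue;
    let rec;
    try {
      rec = JSON.parse(line);
    } catch (err) {
      malformed++;
      continue;
    }
    const hits = indicatorsFor(rec);
    if (hits.length > 0) {
      findings.push({ ts: rec.ts, indicators: hits, request_size: rec.request_size });
    }
  }
  return { findings, malformed };
}

// Count how often each indicator fired; useful for an alert threshold.
function summarize(findings) {
  const counts = {};
  for (const f of findings) {
    for (const name of f.indicators) counts[name] = (counts[name] || 0) + 1;
  }
  return counts;
}

const result = scanLog(SAMPLE_LOG);
console.log(JSON.stringify(result.findings, null, 2));
console.log('malformed lines:', result.malformed);
console.log('summary:', JSON.stringify(summarize(result.findings)));
```

Note that "memory created" does not match "memory creation failed", so successful writes are not flagged; a record can still match both the size rule and a message pattern, which is why `indicators` is a list rather than a single label.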