VYPR
Unrated severity · NVD Advisory · Published Aug 5, 2025 · Updated Aug 5, 2025

LibreChat exposes arbitrary chats through Meilisearch engine

CVE-2025-54868

Description

LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint allows reading arbitrary chats directly from the Meilisearch engine. The endpoint /api/search/test allows for direct access to stored chats in the Meilisearch engine without proper access control. This results in the ability to read chats from arbitrary users. This issue is fixed in version 0.7.7.


Affected products

  • Librechat/Librechat (llm-fuzzy): 2 versions
    • (no CPE) range: <=0.7.7-rc1
    • (no CPE) range: >= 0.0.6, < 0.7.7
