Unrated severityNVD Advisory· Published Aug 5, 2025· Updated Aug 5, 2025

LibreChat exposes arbitrary chats through Meilisearch engine

CVE-2025-54868

Description

LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint allows reading arbitrary chats directly from the Meilisearch engine. The endpoint /api/search/test allows for direct access to stored chats in the Meilisearch engine without proper access control. This results in the ability to read chats from arbitrary users. This issue is fixed in version 0.7.7.

Affected products

Danny Avila/Librechatv5
Range: >= 0.0.6, < 0.7.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/danny-avila/LibreChat/commit/0e8041bcac616949c42a68dfb8f108ccc4db5151mitrex_refsource_MISC
github.com/danny-avila/LibreChat/security/advisories/GHSA-p5j8-m4wh-ffmwmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000