CVE-2025-7106

Опубликовано: 23 сент. 2025

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

danny-avila/librechat is affected by an authorization bypass vulnerability due to improper access control checks. The checkAccess function in api/server/middleware/roles/access.js uses permissions.some() to validate permissions, which incorrectly grants access if only one of multiple required permissions is present. This allows users with the 'USER' role to create agents despite having CREATE: false permission, as the check for ['USE', 'CREATE'] passes with just USE: true. This vulnerability affects other permission checks as well, such as PROMPTS. The issue is present in all versions prior to the fix.

Ссылки

https://github.com/danny-avila/librechat/commit/91a2df47599c09d80886bfc28e0ccf1debd42110
Patch
https://huntr.com/bounties/7de2765b-d1fe-4495-9144-220070857c48
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:librechat:librechat:*:*:*:*:*:*:*:*

Версия до 0.7.9 (исключая)

EPSS

Процентиль: 16%

0.00052

Низкий

5.3 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-284

CWE-639

Связанные уязвимости

GHSA-4pfh-329g-gqpr

CVSS3: 5.3

github

5 месяцев назад

danny-avila/librechat is affected by an authorization bypass vulnerability due to improper access control checks. The `checkAccess` function in `api/server/middleware/roles/access.js` uses `permissions.some()` to validate permissions, which incorrectly grants access if only one of multiple required permissions is present. This allows users with the 'USER' role to create agents despite having `CREATE: false` permission, as the check for `['USE', 'CREATE']` passes with just `USE: true`. This vulnerability affects other permission checks as well, such as `PROMPTS`. The issue is present in all versions prior to the fix.

EPSS

Процентиль: 16%

0.00052

Низкий

5.3 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-284

CWE-639