CVE-2024-11172 HIGH

CVE-2024-11172: Denial of Service in danny-avila/librechat

Vendor Danny-Avila
Product danny-avila/librechat
Weakness CWE-248
Published March 20, 2025
Last update October 15, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

A vulnerability in danny-avila/librechat version git a1647d7 allows an unauthenticated attacker to cause a denial of service by sending a crafted payload to the server. The middleware `checkBan` is not surrounded by a try-catch block, and an unhandled exception will cause the server to crash. This issue is fixed in version 0.7.6.
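The failure mode described above, as an added example that is not LibreChat's code: an async middleware without try-catch next to a guarded form that forwards errors to the error handler. It assumes an Express 4 style middleware chain; `isBanned`, `checkBanUnsafe`, `guard`, `dispatch` and the `storeFails` flag are hypothetical names, and the request objects are constructed.

```javascript
// Added illustration. Every name here is a hypothetical stand-in,
// not code from the LibreChat repository.

// Constructed ban lookup: throws when the store cannot process the request.
async function isBanned(req) {
  if (req.storeFails) throw new Error('ban store lookup failed');
  return req.ip === '203.0.113.9'; // constructed banned address
}

// "Before" shape: async middleware with no try-catch. A throw becomes a
// rejected promise that an Express 4 style router never observes.
async function checkBanUnsafe(req, res, next) {
  if (await isBanned(req)) return res.status(403);
  next();
}

// Hardened wrapper: any throw or rejection is routed to next(err), so the
// error handler answers with a 500 and the process keeps running.
const guard = (mw) => async (req, res, next) => {
  try {
    await mw(req, res, next);
  } catch (err) {
    next(err);
  }
};

// Minimal dispatcher standing in for the router. `escaped` is true when the
// middleware's promise rejects with nothing handling it, which in Node.js 15+
// is an unhandledRejection that terminates the process by default.
async function dispatch(mw, req) {
  const out = { status: null, escaped: false };
  const res = { status: (code) => { out.status = code; } };
  const next = (err) => { out.status = err ? 500 : 200; };
  try {
    await mw(req, res, next);
  } catch (err) {
    out.escaped = true;
  }
  return out;
}
```

With the wrapper in place a failing lookup costs one request a 500 response instead of costing every user the server process.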

Key dates

02 Disclosure timeline

March 20, 2025 CVE published
October 15, 2025 Record updated