CVE-2025-69221 MEDIUM

CVE-2025-69221: LibreChat has Insufficient Access Control for Agent Permission Queries

Vendor Danny-Avila
Product LibreChat
Weakness CWE-862 · Missing authorization
Published January 7, 2026
Last update January 7, 2026
View on NVD All CVEs

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control when querying agent permissions. An authenticated attacker can read the permissions of arbitrary agents, even if they have no permissions for this agent. LibreChat allows the configuration of agents that have a predefined set of instructions and context. Private agents are not visible to other users. However, if an attacker knows the agent ID, they can read the permissions of the agent including the permissions individually assigned to other users. This issue is fixed in version 0.8.2-rc2.

Key dates

02Disclosure timeline

January 7, 2026 CVE published
January 7, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-5488 ExactMetrics <= 9.1.2 - Authenticated (Subscriber+) Missing Authorization to Google Ads Access Token Retrieval via AJAX Action 'exactmetrics_ads_get_token' CVE-2025-26975 WordPress Strong Testimonials plugin <= 3.2.3 - Broken Access Control vulnerability CVE-2024-54242 WordPress Simple Notification plugin <= 1.3 - Broken Access Control vulnerability CVE-2025-9202 ColorMag <= 4.0.19 - Missing Authorization to Authenticated (Subscriber+) ThemeGrill Demo Importer Plugin Installation CVE-2025-66135 WordPress Imager for Elementor plugin <= 2.0.4 - Broken Access Control vulnerability