CNNVD-202509-3695 Information
CNNVD ID
CNNVD-202509-3695
Related CVE
- CNNVD Published: 2025-09-23
Description
LibreChat is an enhanced ChatGPT clone by individual developer Danny Avila. LibreChat has an access control vulnerability: the checkAccess function in api/server/middleware/roles/access.js uses permissions.some for permission verification, resulting in improper access control that may allow permission bypass.
Hazard Level
High
Vulnerability Type
Access control error
Affected Vendor
Individual developer
Published
2025-09-23
Last Modified
2026-02-24
References
https://huntr.com/bounties/7de2765b-d1fe-4495-9144-220070857c48
https://github.com/danny-avila/librechat/commit/91a2df47599c09d80886bfc28e0ccf1debd42110
https://access.redhat.com/security/cve/cve-2025-7106
Patch
https://github.com/danny-avila/LibreChat/releases