CNNVD-202510-4178 Information
Oct 30, 2025
cve
CNNVD ID
CNNVD-202510-4178
Related CVE
- CNNVD Published: 2025-10-30
Description (Chinese)
LibreChat是Danny Avila个人开发者的一个增强的 ChatGPT 克隆。 LibreChat 0.7.9版本存在安全漏洞,该漏洞源于2FA禁用流程中未正确验证OTP或备份代码,可能导致账户安全性降低。
Description (English)
LibreChat is an enhanced ChatGPT clone of Danny Avila’s personal developer. There is a security loophole in LibreChat 0.7.9, which stems from the incorrect validation of OTP or backup code in the 2FA disablement process, which may lead to a decrease in account security.
Hazard Level
Critical
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2025-10-30
Last Modified
2026-02-24
References
https://github.com/danny-avila/librechat/commit/7e4c8a5d0d2dbe5bf8fd272ff6acafb27d24744f https://huntr.com/bounties/8e615709-f4de-41e2-b194-f0d91ed7c75e
Patch
https://www.librechat.ai/changelog
Share on: