CVE-2025-41258 - CERT CVE

  1. CVE-2025-41258

ID CVE-2025-41258
Sažetak LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API.
Reference
CVSS
Base: 8.0
Impact: 5.9
Exploitability:2.1
Pristup
VektorSloženostAutentikacija
ADJACENT_NETWORK LOW LOW
Impact
PovjerljivostCjelovitostDostupnost
HIGH HIGH HIGH
CVSS vektor CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Zadnje važnije ažuriranje 24-03-2026 - 18:41
Objavljeno 18-03-2026 - 12:16