CVE-2024-10363

EUVD-2025-7104
In version 0.7.5 of danny-avila/LibreChat, there is an improper access control vulnerability. Users can share, use, and create prompts without being granted permission by the admin. This can break application logic and permissions, allowing unauthorized actions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
@huntr_aiCNA
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
Affected Products (NVD)
VendorProductVersion
librechatlibrechat
0.7.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/danny-avila/librechat/commit/42a4d02c62e2a6cf677d1cb6cfcb36d136aaa599
https://huntr.com/bounties/41a1137d-e725-4fec-b04c-58555cb16b6b