CVE-2025-8849

by Fred · 31/10/2025

LibreChat version 0.7.9 is vulnerable to a Denial of Service (DoS) attack due to unbounded parameter values in the `/api/memories` endpoint. The `key` and `value` parameters accept arbitrarily large inputs without proper validation, leading to a null pointer error in the Rust-based backend when excessively large values are submitted. This results in the inability to create new memories, impacting the stability of the service.

More information : https://github.com/danny-avila/librechat/commit/edf33bedcbb08c33e59df76f06454ed7efd896f9

CVE-2025-8849

Similar

Recent Posts

Categories

CVE-2025-8849

Share this:

Similar

Recent Posts

Categories

Tags