CVE-2025-7106 | danny-avila librechat up to 0.7.8 access.js checkAccess access control

A vulnerability was found in danny-avila librechat up to 0.7.8. It has been rated as critical. This affects the function checkAccess of the file api/server/middleware/roles/access.js. The manipulation leads to improper access controls.

This vulnerability is traded as CVE-2025-7106. It is possible to initiate the attack remotely. There is no exploit available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More