CVE-2025-7104 | danny-avila librechat up to 0.7.8 Request Body author/access_level/isCollaborative/projectIds dynamically-determined object attributes

A vulnerability was found in danny-avila librechat up to 0.7.8 and classified as problematic. This affects an unknown function of the component Request Body Handler. Such manipulation of the argument author/access_level/isCollaborative/projectIds leads to dynamically-determined object attributes.

This vulnerability is documented as CVE-2025-7104. The attack can be executed remotely. There is not any exploit available.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More