CVE-2025-8849
HIGH WAF: Medium
CVSS 7.5
Published: 2025-10-31
CWE-400
LibreChat version 0.7.9 is vulnerable to a Denial of Service (DoS) attack due to unbounded parameter values in the `/api/memories` endpoint. The `key` and `value` parameters accept arbitrarily large inputs without proper validation, leading to a null pointer error in the Rust-based backend when excessively large values are submitted. This results in the inability to create new memories, impacting the stability of the service.
WAF Coverage Analysis
Uncontrolled Resource Consumption
Medium WAF Coverage
OWASP: A05:2021 Security Misconfiguration
912xxx - DOS Protection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| librechat | librechat | 0.7.9 |
References
- github.com (Patch)
- huntr.com (Exploit, Mitigation, Third Party Advisory)