Cyber Resilience

CVE-2025-8850

Severity: High · Public PoC available

Published: 30 October 2025

Modified: 19 November 2025
KEV Added: not listed
CVSS v3.1 score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0006 (18.6th percentile)
Risk Priority: 18 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-8850 is a high-severity Expected Behavior Violation (CWE-440) vulnerability in LibreChat (danny-avila/librechat). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Multi-Factor Authentication (T1556.006). EPSS ranks it at the 18.6th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

This vulnerability is flagged as AI-related (AI category: LLM Application Platforms; risk domain: Not Applicable).

Vulnerability details

In danny-avila/librechat version 0.7.9, there is an insecure API design issue in the 2-Factor Authentication (2FA) flow. The system allows users to disable 2FA without requiring a valid OTP or backup code, bypassing the intended verification process. This vulnerability occurs because the backend does not properly validate the OTP or backup code when the API endpoint '/api/auth/2fa/disable' is directly accessed. This flaw can be exploited by authenticated users to weaken the security of their own accounts, although it does not lead to full account compromise.

AI Security Analysis

AI Category: LLM Application Platforms
Risk Domain: Not Applicable
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: matched keywords: librechat

Related Threats

MITRE ATT&CK Enterprise Techniques

T1556.006 Multi-Factor Authentication (Defense Impairment)
Adversaries may disable or modify multi-factor authentication (MFA) mechanisms to enable persistent access to compromised accounts.
Why these techniques?

The vulnerability allows authenticated users to disable 2FA without OTP or backup code validation via the '/api/auth/2fa/disable' endpoint, directly enabling modification of multi-factor authentication processes.

Affected Assets

Vendor: librechat
Product: librechat
Version: 0.7.9

Mitigating Controls

Likely Mitigating Controls

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-440: verification of security function operation directly detects deviations from expected behavior.
