CVE-2025-8850
Published: 30 October 2025
Summary
CVE-2025-8850 is a high-severity Expected Behavior Violation (CWE-440) vulnerability in Librechat Librechat. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Multi-Factor Authentication (T1556.006); ranked at the 18.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as LLM Application Platforms; in the Not Applicable risk domain.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-37197
Vulnerability details
In danny-avila/librechat version 0.7.9, there is an insecure API design issue in the 2-Factor Authentication (2FA) flow. The system allows users to disable 2FA without requiring a valid OTP or backup code, bypassing the intended verification process. This vulnerability occurs…
more
because the backend does not properly validate the OTP or backup code when the API endpoint '/api/auth/2fa/disable' is directly accessed. This flaw can be exploited by authenticated users to weaken the security of their own accounts, although it does not lead to full account compromise.
- CWE(s)
AI Security AnalysisAI
- AI Category
- LLM Application Platforms
- Risk Domain
- Not Applicable
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: librechat
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability allows authenticated users to disable 2FA without OTP or backup code validation via the '/api/auth/2fa/disable' endpoint, directly enabling modification of multi-factor authentication processes.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Verification of security function operation directly detects deviations from expected behavior.