CVE-2025-7105
📋 TL;DR
This vulnerability in LibreChat allows an authenticated user to abuse the unrestricted conversation fork function (POST /api/convos/fork) to create a very large number of forks of content containing large Mermaid graphs. The accumulated forked content exhausts the Node.js (V8) JavaScript heap, causing denial of service that recurs when the service is restarted, so a restart alone does not recover the instance. It affects all users running vulnerable versions of LibreChat. The attack requires API access, which any authenticated user already has.
💻 Affected Systems
- danny-avila/librechat
⚠️ Risk & Real-World Impact
Worst Case
Persistent service unavailability: because the heap exhaustion recurs on every restart while the forked content remains stored, recovery requires manual intervention (deleting the attacker's forked conversations from the backing store) rather than a simple restart. The reported issue is an availability problem; data corruption is not part of it.
Likely Case
Temporary denial of service requiring service restart, with potential performance degradation during exploitation.
If Mitigated
Minimal impact with proper rate limiting and input validation in place.
🎯 Exploit Status
Exploit requires API access but is straightforward to execute. The vulnerability is publicly documented with proof-of-concept available through the huntr.com bounty report.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Commit 97a99985fa339db0a21ad63604e0bb8db4442ffc and later
Vendor Advisory: https://github.com/danny-avila/librechat/commit/97a99985fa339db0a21ad63604e0bb8db4442ffc
Restart Required: Yes
Instructions:
1. Update LibreChat to a release that contains commit 97a99985fa339db0a21ad63604e0bb8db4442ffc.
2. Restart the LibreChat service; the fix is in the server code, so running processes must be restarted to pick it up.
3. Verify the fix as described under How to Verify below. Patching does not remove forks an attacker has already created; if the instance is already crash-looping, delete those conversations before restarting.
🔧 Temporary Workarounds
Rate Limit API Endpoint
Implement per-client rate limiting on the /api/convos/fork endpoint to slow exploitation. This raises the cost of the attack but does not cap the total number of forks a patient attacker accumulates, so treat it as a stopgap.
# Configure rate limiting in your reverse proxy or application firewall.
# Example nginx rate limiting: limit_req_zone belongs in the http {} block,
# the location in the server {} block that proxies LibreChat.
limit_req_zone $binary_remote_addr zone=forklimit:10m rate=10r/m;

location /api/convos/fork {
    # Keyed by client IP, so users behind one NAT share the bucket.
    limit_req zone=forklimit burst=20 nodelay;
    limit_req_status 429;
    proxy_pass http://librechat_backend;
}
Disable Fork Endpoint
Temporarily disable the vulnerable /api/convos/fork endpoint if forking is not required. This blocks the attack entirely, at the cost of the Fork feature in the web UI.
# In your reverse proxy configuration (server {} block that proxies LibreChat):
location /api/convos/fork {
    # Refuse every client, including the web UI's Fork action.
    return 403;
}
🧯 If You Can't Patch
- Implement strict rate limiting on all API endpoints, particularly /api/convos/fork.
- Monitor memory usage of the LibreChat process and restart it automatically when thresholds are exceeded, but note that a restart alone does not recover if the stored forks themselves trigger the exhaustion on startup; be prepared to delete them.
- Bound what can be forked: limit the number of forks a user may create and the size of conversations eligible for forking. Mermaid graphs are simply a convenient way to make the duplicated content large, so server-side validation should target message size and fork counts rather than Mermaid syntax.
- Restrict API access to trusted users only using authentication and authorization controls.
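The fork-count and content-size bounds from the list above, as an added example for an Express-style Node.js app. This is not LibreChat's own code and not the upstream fix; it assumes the authenticated user id is at req.user.id, that the fork request body carries conversationId, and that loadMessages(conversationId) is an async lookup you wire to your own store. The decision logic is kept in a pure function so it can be tested without a server.

```javascript
// Added example, not LibreChat's own code: server-side bounds on the fork
// operation for an Express-style app. Assumed about the host application:
// the authenticated user id lives at req.user.id, the fork request body
// carries `conversationId`, and `loadMessages(conversationId)` is an async
// lookup you wire to your own store. In-memory state, so single-process only.

const DEFAULTS = {
  windowMs: 60 * 60 * 1000,         // quota window: 1 hour
  maxForksPerWindow: 20,            // accepted forks per user per window
  maxConversationBytes: 512 * 1024, // refuse to duplicate more than 512 KiB
};

// Sliding-log counter keyed by user id.
class ForkQuota {
  constructor(opts = {}) {
    this.opts = { ...DEFAULTS, ...opts };
    this.log = new Map(); // userId -> timestamps (ms) of accepted forks
  }
  // Record one fork for `userId` if under quota; return whether it was accepted.
  consume(userId, now = Date.now()) {
    const cutoff = now - this.opts.windowMs;
    const stamps = (this.log.get(userId) || []).filter((t) => t > cutoff);
    const allowed = stamps.length < this.opts.maxForksPerWindow;
    if (allowed) stamps.push(now);
    this.log.set(userId, stamps);
    return allowed;
  }
}

// Bytes a fork would duplicate: UTF-8 length of every message body.
// Mermaid or not, only the size matters here.
function conversationBytes(messages) {
  return messages.reduce((n, m) => n + Buffer.byteLength(String(m.text ?? ''), 'utf8'), 0);
}

// Pure decision: returns { status: 200 } or an HTTP error status with a reason.
// The size check runs before the quota so oversized requests do not burn quota.
function decideFork({ userId, messages, quota, maxConversationBytes, now }) {
  if (!userId) return { status: 401, error: 'authentication required' };
  const bytes = conversationBytes(messages);
  if (bytes > maxConversationBytes) {
    return { status: 413, error: 'conversation too large to fork', bytes };
  }
  if (!quota.consume(userId, now)) return { status: 429, error: 'fork quota exceeded' };
  return { status: 200 };
}

// Express-compatible middleware: mount in front of the fork route handler.
function forkGuard({ quota, loadMessages, maxConversationBytes = DEFAULTS.maxConversationBytes }) {
  return async function (req, res, next) {
    const conversationId = req.body && req.body.conversationId;
    if (typeof conversationId !== 'string' || conversationId.length === 0) {
      return res.status(400).json({ error: 'conversationId required' });
    }
    const messages = await loadMessages(conversationId);
    const verdict = decideFork({
      userId: req.user && req.user.id, messages, quota, maxConversationBytes,
    });
    if (verdict.status !== 200) {
      if (verdict.status === 429) {
        res.set('Retry-After', String(Math.ceil(quota.opts.windowMs / 1000)));
      }
      return res.status(verdict.status).json({ error: verdict.error });
    }
    return next();
  };
}

// Wiring sketch for a hypothetical app (forkHandler is the existing route handler):
//   app.post('/api/convos/fork', forkGuard({ quota: new ForkQuota(), loadMessages }), forkHandler);
```

The per-user quota is the bound that actually matters for this issue: a proxy-level rate limit keyed by IP slows a single client, whereas the quota caps how much stored content one account can accumulate between windows. Replace the in-memory Map with a shared store (e.g. Redis) if LibreChat runs as more than one process.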
🔍 How to Verify
Check if Vulnerable:
Check whether your LibreChat checkout includes commit 97a99985fa339db0a21ad63604e0bb8db4442ffc. If it does not, you are vulnerable. Do not reproduce the attack against a production instance; if you need a functional test, repeatedly fork a conversation containing a large Mermaid graph in a staging copy while watching the process heap, then restart that copy.
Check Version:
# Run inside the checkout that is deployed. `git log --oneline -1` only shows HEAD
# with an abbreviated hash, so it cannot tell you whether an older commit is included.
git merge-base --is-ancestor 97a99985fa339db0a21ad63604e0bb8db4442ffc HEAD && echo patched || echo vulnerable
# For container deployments, compare the image's release tag against the first release that contains the commit.
Verify Fix Applied:
After patching, verify in a staging instance that the same repeated fork attempts no longer drive the process to heap exhaustion, including across a restart, and that the proxy-level rate limit (if you kept it) returns 429 once the burst is exceeded.
📡 Detection & Monitoring
Log Indicators:
- High frequency of POST requests to /api/convos/fork from one account or client IP
- Node.js fatal errors in the application log, e.g. "FATAL ERROR: Reached heap limit Allocation failed - JavaScript heap out of memory"
- Repeated service restarts (crash loops) following such API activity
- Rapid growth in the number of stored conversations or messages belonging to a single user
Host Indicators:
- Sustained growth in the LibreChat process's resident memory and heap usage
- Service unavailability following API traffic spikes
Network Indicators:
- Bursts of requests to the fork endpoint from a single source
SIEM Query (Splunk-style; the fork-request count comes from the proxy access log and the heap marker from the application log, so query them separately and adjust the source names to your setup):
source="nginx_access.log" "POST /api/convos/fork" | bin _time span=1m | stats count by _time, src_ip, user_agent | where count > 20
source="librechat.log" ("Reached heap limit" OR "heap out of memory") | stats count by host
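The two detections above, run offline over sample logs, as an added example that is not part of the advisory or of LibreChat: it replays nginx access-log lines (combined format, assumed) to find clients whose fork requests exceed a threshold inside a sliding window, and scans the Node.js process log for the heap-exhaustion marker. All log lines are constructed for the example.

```javascript
// Added example, not LibreChat's or the advisory's own code: replay an nginx
// access log (combined format, assumed) and the Node.js process log, flagging
// (1) bursts of POST /api/convos/fork from one client within a sliding window
// and (2) the marker Node prints when it aborts for heap exhaustion.
// All log lines below are constructed for the example.

const ACCESS_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-)/;
const MONTHS = { Jan: 0, Feb: 1, Mar: 2, Apr: 3, May: 4, Jun: 5,
                 Jul: 6, Aug: 7, Sep: 8, Oct: 9, Nov: 10, Dec: 11 };
// Node's fatal message on V8 heap exhaustion.
const OOM_RE = /Reached heap limit|JavaScript heap out of memory/;

// "10/Jul/2025:14:03:07 +0000" -> epoch milliseconds
function nginxTimeToMs(s) {
  const m = /^(\d{2})\/(\w{3})\/(\d{4}):(\d{2}):(\d{2}):(\d{2}) ([+-])(\d{2})(\d{2})$/.exec(s);
  if (!m) return NaN;
  const [, d, mon, y, h, mi, sec, sign, tzh, tzm] = m;
  const offsetMs = (Number(tzh) * 60 + Number(tzm)) * 60000 * (sign === '-' ? -1 : 1);
  return Date.UTC(+y, MONTHS[mon], +d, +h, +mi, +sec) - offsetMs;
}

function parseAccessLine(line) {
  const m = ACCESS_RE.exec(line);
  if (!m) return null;
  return { ip: m[1], ts: nginxTimeToMs(m[2]), method: m[3], path: m[4], status: +m[5] };
}

// Report every client whose fork requests reach `threshold` inside any
// `windowMs`-long window. Per client the timestamps are sorted and scanned
// with two pointers (window start j, window end i).
function findForkBursts(lines, { windowMs = 60000, threshold = 20 } = {}) {
  const perIp = new Map();
  for (const line of lines) {
    const r = parseAccessLine(line);
    if (!r || r.method !== 'POST' || !r.path.startsWith('/api/convos/fork')) continue;
    if (!perIp.has(r.ip)) perIp.set(r.ip, []);
    perIp.get(r.ip).push(r.ts);
  }
  const hits = [];
  for (const [ip, stamps] of perIp) {
    stamps.sort((a, b) => a - b);
    let best = 0;
    let j = 0;
    for (let i = 0; i < stamps.length; i++) {
      while (stamps[j] < stamps[i] - windowMs) j++;
      best = Math.max(best, i - j + 1);
    }
    if (best >= threshold) hits.push({ ip, count: best, total: stamps.length });
  }
  return hits;
}

// Lines from the Node.js process log that indicate heap exhaustion.
function findHeapExhaustion(appLogLines) {
  return appLogLines.filter((l) => OOM_RE.test(l));
}

// ---- constructed sample data ----
function accessLine(ip, sec, method, path, status = 200) {
  const t = `10/Jul/2025:14:03:${String(sec).padStart(2, '0')} +0000`;
  return `${ip} - - [${t}] "${method} ${path} HTTP/1.1" ${status} 512 "-" "Mozilla/5.0"`;
}
const SAMPLE_ACCESS_LOG = [];
for (let i = 0; i < 25; i++) {
  SAMPLE_ACCESS_LOG.push(accessLine('203.0.113.7', i * 2, 'POST', '/api/convos/fork')); // one fork every 2 s
}
SAMPLE_ACCESS_LOG.push(accessLine('198.51.100.9', 5, 'POST', '/api/convos/fork'));   // benign user
SAMPLE_ACCESS_LOG.push(accessLine('198.51.100.9', 30, 'POST', '/api/convos/fork'));
SAMPLE_ACCESS_LOG.push(accessLine('198.51.100.9', 10, 'GET', '/api/messages/abc'));

const SAMPLE_APP_LOG = [
  '2025-07-10 14:05:01 info: server listening on port 3080',
  '<--- Last few GCs --->',
  'FATAL ERROR: Reached heap limit Allocation failed - JavaScript heap out of memory',
];

console.log(findForkBursts(SAMPLE_ACCESS_LOG));
console.log(findHeapExhaustion(SAMPLE_APP_LOG));
```

The sliding window matters: a fixed per-minute bucket misses an attacker whose burst straddles a minute boundary, while the two-pointer scan finds the densest 60 s span per client. Pair a burst hit with a later heap marker from the same host to raise the alert's confidence.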