Vulnerability Details CVE-2025-8849
LibreChat version 0.7.9 is vulnerable to a Denial of Service (DoS) attack due to unbounded parameter values in the `/api/memories` endpoint. The `key` and `value` parameters accept arbitrarily large inputs without proper validation, leading to a null pointer error in the Rust-based backend when excessively large values are submitted. This results in the inability to create new memories, impacting the stability of the service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 14.1%
CVSS Severity
CVSS v3 Score 5.4
References