CVE-2025-8849 – Denial of Service in danny-avila/librechat

CVE ID : CVE-2025-8849

Published : Oct. 31, 2025, 12:15 a.m. | 1 hour, 11 minutes ago

Description : LibreChat version 0.7.9 is vulnerable to a Denial of Service (DoS) attack due to unbounded parameter values in the `/api/memories` endpoint. The `key` and `value` parameters accept arbitrarily large inputs without proper validation, leading to a null pointer error in the Rust-based backend when excessively large values are submitted. This results in the inability to create new memories, impacting the stability of the service.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…