CVE-2025-8850 — HIGH (8.8) — White Hats Nepal

Vulnerability Description

In danny-avila/librechat version 0.7.9, there is an insecure API design issue in the 2-Factor Authentication (2FA) flow. The system allows users to disable 2FA without requiring a valid OTP or backup code, bypassing the intended verification process. This vulnerability occurs because the backend does not properly validate the OTP or backup code when the API endpoint '/api/auth/2fa/disable' is directly accessed. This flaw can be exploited by authenticated users to weaken the security of their own accounts, although it does not lead to full account compromise.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Librechat	Librechat	0.7.9

Related Weaknesses (CWE)

CWE-440

References

https://github.com/danny-avila/librechat/commit/7e4c8a5d0d2dbe5bf8fd272ff6acafb2Patch
https://huntr.com/bounties/8e615709-f4de-41e2-b194-f0d91ed7c75eExploitPatchThird Party Advisory

FAQ

What is CVE-2025-8850?

CVE-2025-8850 is a vulnerability with a CVSS score of 8.8 (HIGH). In danny-avila/librechat version 0.7.9, there is an insecure API design issue in the 2-Factor Authentication (2FA) flow. The system allows users to disable 2FA without requiring a valid OTP or backup ...

How severe is CVE-2025-8850?

CVE-2025-8850 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-8850?

Check the references section above for vendor advisories and patch information. Affected products include: Librechat Librechat.