CVE-2025-7105 Overview
A resource exhaustion vulnerability exists in danny-avila/librechat that allows authenticated attackers to call the unrestricted fork function at /api/convos/fork and fork conversation content rapidly and without limit. When the forked content includes a Mermaid graph with a large number of nodes, the accumulated copies can trigger a JavaScript heap out of memory error when the service restarts, resulting in a denial of service condition. The report states that the latest version of the product at the time of disclosure was affected.
Critical Impact
Authenticated attackers can cause persistent denial of service by exhausting server memory through rapid forking of conversations containing large Mermaid graphs, preventing the service from restarting properly.
Affected Products
- danny-avila/librechat (latest version as of the report; fixed in commit 97a99985fa339db0a21ad63604e0bb8db4442ffc)
Discovery Timeline
- 2026-02-02 - CVE-2025-7105 published to NVD
- 2026-02-03 - Last updated in NVD database
Technical Details for CVE-2025-7105
Vulnerability Analysis
This vulnerability is classified as CWE-400 (Uncontrolled Resource Consumption), a type of resource exhaustion flaw that occurs when an application fails to properly limit the consumption of system resources. In this case, the /api/convos/fork API endpoint lacks rate limiting and content size validation, allowing authenticated users to create an excessive number of conversation forks in rapid succession.
The attack becomes severe when the forked conversations contain Mermaid diagram definitions with a very large number of nodes. The advisory does not say which restart-time code path loads the forked content; what it reports is that, once many forked copies of such a conversation exist, the Node.js process exceeds its heap limit while restarting and crashes with an out-of-memory error. Because the copies are persisted in the database, every subsequent restart encounters the same data, so the condition persists until the forked content is removed.
Root Cause
The root cause of this vulnerability lies in two missing security controls:
- Lack of rate limiting on the /api/convos/fork endpoint, allowing users to create unlimited forks in rapid succession
- Missing content validation for Mermaid graph complexity, permitting graphs with an excessive number of nodes to be stored and later processed
The combination of these missing controls creates a condition where an attacker can fill the database with resource-intensive content that exhausts server memory when processed during service initialization or restart.
Attack Vector
The attack is network-accessible and requires only a low-privilege account (any authenticated user). The mechanism, as described in the advisory, is:
- The attacker creates or identifies a conversation containing a Mermaid graph with a large number of nodes
- The attacker rapidly sends fork requests to /api/convos/fork for that conversation; nothing on the endpoint limits the rate of calls or the size of what is copied
- Each fork persists another copy of the memory-intensive content
- On the next service restart, the application loads the accumulated forked conversations
- The JavaScript heap exhausts available memory and the process crashes with an out-of-memory error
- Because the copies remain in the database, each restart fails the same way and the service stays down until they are removed
No interaction by any other user is needed: the attacker's own authenticated session is the only precondition, the attack is executed remotely over the network, and its complexity is low.
Detection Methods for CVE-2025-7105
Indicators of Compromise
- Unusual spike in API calls to /api/convos/fork from a single user or session
- Database growth anomalies with numerous duplicated conversation entries
- Service crash logs indicating JavaScript heap out of memory errors
- Repeated service restart failures following memory exhaustion events
Detection Strategies
- Monitor API request rates to /api/convos/fork and alert on abnormal patterns
- Implement application performance monitoring to detect memory consumption anomalies
- Configure alerting on Node.js process memory usage approaching heap limits
- Review application logs for rapid sequential fork operations from individual accounts
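The log-review strategy above can be scripted. The following is an added example, not part of the original page and not LibreChat code: it parses nginx combined-format access-log lines (constructed here for the example), keeps only POSTs to /api/convos/fork, and reports, per client address, the largest number of fork calls seen inside any one-minute sliding window, flagging clients above a threshold. The window, the threshold and the log format are assumptions; if the deployment logs an authenticated user id, key on that instead of the address, since one account can rotate source IPs.

```javascript
// Added example, not LibreChat code: flag bursts of POST /api/convos/fork
// per client in nginx "combined" access logs. Log lines are constructed below.
const FORK_PATH = '/api/convos/fork';

// combined format: ip - user [time] "METHOD path proto" status bytes "referer" "agent"
const LINE_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) /;
const MONTHS = { Jan: 0, Feb: 1, Mar: 2, Apr: 3, May: 4, Jun: 5,
                 Jul: 6, Aug: 7, Sep: 8, Oct: 9, Nov: 10, Dec: 11 };

// "02/Feb/2026:10:15:01 +0000" -> epoch milliseconds (NaN if malformed)
function parseClfTime(s) {
  const m = /^(\d{2})\/(\w{3})\/(\d{4}):(\d{2}):(\d{2}):(\d{2}) ([+-])(\d{2})(\d{2})$/.exec(s);
  if (!m || !(m[2] in MONTHS)) return NaN;
  const utc = Date.UTC(+m[3], MONTHS[m[2]], +m[1], +m[4], +m[5], +m[6]);
  const offsetMin = (+m[8] * 60 + +m[9]) * (m[7] === '+' ? 1 : -1);
  return utc - offsetMin * 60 * 1000;
}

// One log line -> { ip, time, method, path, status }, or null if it does not parse.
function parseLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null;
  const time = parseClfTime(m[2]);
  if (Number.isNaN(time)) return null;
  return { ip: m[1], time, method: m[3], path: m[4].split('?')[0], status: Number(m[5]) };
}

// For each client: total fork calls, the peak count inside any windowMs-wide
// sliding window, and whether that peak exceeds maxCalls. Sorted by peak, descending.
function detectForkBursts(lines, { windowMs = 60_000, maxCalls = 10 } = {}) {
  const byClient = new Map();
  for (const line of lines) {
    const e = parseLine(line);
    if (!e || e.method !== 'POST' || e.path !== FORK_PATH) continue;
    if (!byClient.has(e.ip)) byClient.set(e.ip, []);
    byClient.get(e.ip).push(e.time);
  }
  const report = [];
  for (const [ip, times] of byClient) {
    times.sort((a, b) => a - b);
    let peak = 0;
    for (let i = 0, j = 0; i < times.length; i++) {
      while (times[i] - times[j] > windowMs) j++;   // drop timestamps that fell out of the window
      peak = Math.max(peak, i - j + 1);
    }
    report.push({ ip, total: times.length, peakInWindow: peak, flagged: peak > maxCalls });
  }
  return report.sort((a, b) => b.peakInWindow - a.peakInWindow);
}

// Constructed sample: 15 forks from one address within 30 seconds, two spread-out
// forks from another, an unrelated GET, and one unparseable line.
function clfLine(ip, second, method, path, status) {
  const ss = String(second).padStart(2, '0');
  return `${ip} - - [02/Feb/2026:10:15:${ss} +0000] "${method} ${path} HTTP/1.1" ${status} 512 "-" "curl/8.5.0"`;
}
const SAMPLE_LOG = [
  ...Array.from({ length: 15 }, (_, i) => clfLine('203.0.113.7', i * 2, 'POST', FORK_PATH, 200)),
  clfLine('198.51.100.9', 5, 'POST', FORK_PATH, 200),
  clfLine('198.51.100.9', 59, 'POST', FORK_PATH, 200),
  clfLine('198.51.100.9', 30, 'GET', '/api/convos?pageNumber=1', 200),
  'this line is not in combined format',
];

console.log(detectForkBursts(SAMPLE_LOG));
```

The sliding window matters: a fixed per-minute counter can be straddled (half the burst at 10:15:59, half at 10:16:00), whereas the two-pointer scan reports the true peak over any window of that width. On the sample, the first address peaks at 15 calls in one window and is flagged; the second never exceeds two.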
Monitoring Recommendations
- Set up memory utilization thresholds and alerts for the LibreChat service process
- Implement API endpoint monitoring for unusual request volumes
- Configure database growth alerts to detect abnormal content accumulation
- Enable detailed logging for the conversation fork functionality
How to Mitigate CVE-2025-7105
Immediate Actions Required
- Update LibreChat to include the security patch at commit 97a99985fa339db0a21ad63604e0bb8db4442ffc
- Implement rate limiting on the /api/convos/fork endpoint at the reverse proxy or application level
- Review and potentially purge existing conversations with excessively large Mermaid graphs
- Raise the Node.js heap limit (for example via NODE_OPTIONS=--max-old-space-size=<MB>) only as a stopgap while patching; it raises the threshold at which the restart fails but does not remove the persisted forks that cause the exhaustion
Patch Information
A fix for this vulnerability has been committed to the LibreChat repository. The security patch is available at GitHub Commit 97a9998. Organizations running LibreChat should update to include this commit or a later version that incorporates the fix.
Additional details about this vulnerability are documented in the Huntr Bounty Listing.
Workarounds
- Implement rate limiting at the API gateway or reverse proxy level for /api/convos/fork
- Configure maximum request body size limits on the endpoints that create and edit messages, so oversized Mermaid definitions cannot be stored in the first place; the fork request itself is small, because it copies content that already exists server-side
- Set up process monitoring with automatic restart limits to prevent crash loops
- Temporarily disable or restrict access to the fork functionality until patching is complete
# Example nginx rate limiting configuration for the fork endpoint.
# limit_req_zone must appear in the http {} context; limit_req goes in the location.
# The key is the client IP: behind another proxy, set real_ip_header first or every
# request will share the proxy's address, and a single account can still rotate IPs,
# so treat this as a stopgap in front of per-user limiting in the application.
limit_req_zone $binary_remote_addr zone=fork_limit:10m rate=5r/m;
location /api/convos/fork {
    limit_req zone=fork_limit burst=10 nodelay;   # at most 10 queued above 5/min, excess rejected
    limit_req_status 429;                         # default rejection status is 503
    proxy_pass http://librechat_backend;          # upstream name is a placeholder
}
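As an added example that serves both the root-cause list and the workarounds (illustration code, not LibreChat's own implementation and not the content of commit 97a9998): the two controls the advisory describes as missing, a per-user sliding-window limit on fork calls and a cap on the Mermaid node count of the content about to be copied, written as plain functions a fork handler could call before duplicating anything. The limiter class, the node-counting heuristic, the numeric limits and the HTTP statuses are this example's own assumptions.

```javascript
// Added example, not LibreChat code and not the content of the fix commit: the
// two controls the advisory describes as missing, as plain functions a fork
// handler could call before copying anything. Limits, names and the Mermaid
// node-counting heuristic are assumptions made for this example.

// Sliding-window limiter keyed by authenticated user id rather than client
// address, so a shared proxy/NAT does not merge users and IP rotation does not help.
class SlidingWindowLimiter {
  constructor({ limit, windowMs, now = () => Date.now() }) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.now = now;
    this.hits = new Map(); // key -> timestamps still inside the window
  }
  // Record one request; report whether it is within the limit.
  hit(key) {
    const t = this.now();
    const times = (this.hits.get(key) || []).filter((x) => t - x < this.windowMs);
    if (times.length >= this.limit) {
      this.hits.set(key, times);
      return { allowed: false, retryAfterMs: times[0] + this.windowMs - t };
    }
    times.push(t);
    this.hits.set(key, times);
    return { allowed: true, remaining: this.limit - times.length };
  }
}

// Pull fenced mermaid blocks out of markdown message text.
const FENCE_RE = /`{3}mermaid[^\n]*\n([\s\S]*?)`{3}/g;
function extractMermaidBlocks(markdown) {
  const out = [];
  let m;
  FENCE_RE.lastIndex = 0;
  while ((m = FENCE_RE.exec(markdown)) !== null) out.push(m[1]);
  return out;
}

// Conservative node count for graph/flowchart definitions: every identifier
// that appears as an edge endpoint counts once. Unusual syntax is over-counted
// rather than missed; Mermaid's own parser would be the authoritative choice.
const EDGE_RE = /\s*(?:<?-{2,}[>xo]?|<?={2,}>?|<?-\.+-?[>xo]?|&)(?:\|[^|]*\|)?\s*/;
const SKIP_RE = /^(?:%%|(?:graph|flowchart|subgraph|end|style|classDef|class|click|linkStyle|direction)\b)/;
function mermaidNodeCount(definition) {
  const ids = new Set();
  for (const raw of definition.split('\n')) {
    const line = raw.trim();
    if (!line || SKIP_RE.test(line)) continue;
    for (const part of line.split(EDGE_RE)) {
      const id = /^[A-Za-z0-9_]+/.exec(part.trim());
      if (id) ids.add(id[0]);
    }
  }
  return ids.size;
}

// Assumed limits; tune to what the deployment can actually store and render.
const LIMITS = { maxNodesPerGraph: 200, maxNodesPerConversation: 1000 };

// Run both checks on a fork request. Returns { ok: true, mermaidNodes } or
// { ok: false, status, reason }; the handler maps status to the HTTP response.
function guardFork({ userId, messages }, limiter, limits = LIMITS) {
  const verdict = limiter.hit(userId);
  if (!verdict.allowed) {
    return { ok: false, status: 429, reason: `retry in ${Math.ceil(verdict.retryAfterMs / 1000)}s` };
  }
  let total = 0;
  for (const msg of messages) {
    for (const block of extractMermaidBlocks(msg.text || '')) {
      const n = mermaidNodeCount(block);
      if (n > limits.maxNodesPerGraph) {
        return { ok: false, status: 413, reason: `mermaid graph with ${n} nodes exceeds ${limits.maxNodesPerGraph}` };
      }
      total += n;
    }
  }
  if (total > limits.maxNodesPerConversation) {
    return { ok: false, status: 413, reason: `conversation holds ${total} mermaid nodes` };
  }
  return { ok: true, mermaidNodes: total };
}

// Constructed inputs: a five-node diagram and a generated n-node chain.
const FENCE = '`'.repeat(3);
const SMALL_GRAPH = FENCE + 'mermaid\ngraph TD\n  A[Start] --> B{Check}\n  B -->|yes| C\n  B -->|no| D\n  C & D --> E\n' + FENCE;
function chainGraph(n) {
  const lines = ['graph TD'];
  for (let i = 1; i < n; i++) lines.push(`N${i} --> N${i + 1}`);
  return FENCE + 'mermaid\n' + lines.join('\n') + '\n' + FENCE;
}

console.log(guardFork({ userId: 'demo', messages: [{ text: chainGraph(300) }] },
                      new SlidingWindowLimiter({ limit: 5, windowMs: 60_000 })));
```

Two design points carried by the code: the limiter is keyed on the user id, which is what the nginx per-IP zone cannot do, and the content check runs on what is about to be copied, so it also catches graphs that were stored before any size limit existed. The node counter is intentionally a rough upper bound; the same cap applied at message creation would stop oversized definitions from being stored at all.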
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

