CVE-2025-8849 Overview
CVE-2025-8849 is a Denial of Service (DoS) vulnerability in LibreChat version 0.7.9. The /api/memories endpoint accepts unbounded values for the key and value parameters without input validation. Submitting excessively large payloads triggers a null pointer error in the Rust-based backend processing the request. The result is that users cannot create new memories, which degrades the stability of the service. The flaw is tracked under CWE-400: Uncontrolled Resource Consumption.
Critical Impact
Unauthenticated or authenticated attackers can disrupt the memory creation feature of LibreChat by sending oversized payloads, impacting service availability.
Affected Products
- LibreChat 0.7.9
- Deployments using the /api/memories endpoint
- Self-hosted LibreChat instances exposed to untrusted users
Discovery Timeline
- 2025-10-31 - CVE-2025-8849 published to the National Vulnerability Database (NVD)
- 2025-11-10 - Last updated in NVD database
Technical Details for CVE-2025-8849
Vulnerability Analysis
The vulnerability resides in the LibreChat memory subsystem exposed at /api/memories. The endpoint accepts JSON requests with key and value fields but applies no size or length validation before passing data to the underlying processing layer. When attackers submit large strings, the Rust-based backend encounters a null pointer condition and fails. This blocks legitimate users from creating or updating memory entries, degrading the chat application's functionality. The issue is classified as a resource consumption flaw because the server processes arbitrary input volumes without limits.
Root Cause
The root cause is missing payload size enforcement and input validation in the memories.js route handler. The Express router did not configure a JSON body size limit, allowing arbitrarily large request bodies to reach downstream code. The Rust component invoked during memory creation does not safely handle these oversized inputs, resulting in a null pointer error.
Attack Vector
An attacker with network access to the LibreChat API can send a crafted HTTP POST request to /api/memories containing extremely large key or value strings. No user interaction is required. The crafted payload causes the backend to fail and prevents subsequent memory creation operations.
// Security patch in api/server/routes/memories.js
// Adds a 100kb JSON payload limit to the memories router
const router = express.Router();
const memoryPayloadLimit = express.json({ limit: '100kb' });
const checkMemoryRead = generateCheckAccess({
permissionType: PermissionTypes.MEMORIES,
permissions: [Permissions.USE, Permissions.READ],
Source: LibreChat GitHub commit edf33be
Detection Methods for CVE-2025-8849
Indicators of Compromise
- HTTP POST requests to /api/memories with Content-Length values significantly larger than typical user input (for example, exceeding 100KB).
- Application logs showing null pointer errors or process crashes originating from the Rust memory processing component.
- User reports indicating inability to create or save new memory entries in LibreChat.
Detection Strategies
- Inspect web server and reverse proxy logs for repeated large-body requests targeting /api/memories from the same source IP.
- Monitor LibreChat application error logs for backend exceptions tied to memory creation requests.
- Correlate spikes in 4xx or 5xx responses on the memories endpoint with abnormally large request bodies.
Monitoring Recommendations
- Configure web application firewall (WAF) rules to alert when request bodies to /api/memories exceed the expected limit.
- Track availability metrics for the memory creation feature and alert on sustained failure rates.
- Forward LibreChat application logs to a centralized logging or SIEM platform for retention and analysis.
How to Mitigate CVE-2025-8849
Immediate Actions Required
- Upgrade LibreChat beyond version 0.7.9 to a release containing commit edf33be, which enforces payload limits and validation on user-created memories.
- Place LibreChat behind a reverse proxy or WAF that enforces request body size limits for the /api/memories endpoint.
- Restrict access to the LibreChat API to trusted networks or authenticated users while patching is in progress.
Patch Information
The fix is delivered in LibreChat commit edf33bedcbb08c33e59df76f06454ed7efd896f9 titled "feat: Payload limits and Validation for User-created Memories (#8974)." The patch adds an express.json({ limit: '100kb' }) middleware to the memories router and reorganizes the loadMemoryConfig import in AppService.js. Additional details are available in the Huntr bounty report.
Workarounds
- Enforce a request body size limit at the reverse proxy layer (for example, client_max_body_size 100k; in NGINX) for the memories endpoint.
- Temporarily disable the memory feature in LibreChat configuration if patching cannot be performed immediately.
- Apply rate limiting to the /api/memories route to reduce the impact of repeated abusive requests.
# Example NGINX configuration to cap request body size for the memories endpoint
location /api/memories {
client_max_body_size 100k;
proxy_pass http://librechat_backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
