Skip to main content
CVE Vulnerability Database

CVE-2025-8850: LibreChat 2FA Auth Bypass Vulnerability

CVE-2025-8850 is a 2FA authentication bypass flaw in LibreChat that allows users to disable two-factor authentication without proper verification. This article covers technical details, affected versions, and mitigation.

Published:

CVE-2025-8850 Overview

CVE-2025-8850 is an insecure API design flaw in danny-avila/librechat version 0.7.9 affecting the two-factor authentication (2FA) disable flow. The /api/auth/2fa/disable endpoint accepts requests from authenticated users without validating a one-time password (OTP) or backup code. An attacker with valid session credentials can disable 2FA on the target account, weakening the account's security posture. The issue is categorized under CWE-440: Expected Behavior Violation and does not itself result in full account takeover.

Critical Impact

Authenticated users, including attackers who have obtained session tokens or credentials, can silently disable 2FA on a LibreChat account by calling the disable endpoint directly, eliminating a key defense against credential theft.

Affected Products

  • LibreChat 0.7.9 (danny-avila/librechat)
  • Deployments running the vulnerable /api/auth/2fa/disable endpoint
  • Self-hosted LibreChat instances that have not applied commit 7e4c8a5d0d2dbe5bf8fd272ff6acafb27d24744f

Discovery Timeline

  • 2025-10-30 - CVE-2025-8850 published to NVD
  • 2026-06-17 - Last updated in NVD database

Technical Details for CVE-2025-8850

Vulnerability Analysis

LibreChat implements 2FA to require a second authentication factor during login. The disable flow is expected to enforce the same guarantee: a user must prove possession of the second factor before removing it. In version 0.7.9, the backend handler for /api/auth/2fa/disable does not verify the submitted OTP or backup code against the stored 2FA secret. Any authenticated session that reaches the endpoint succeeds in turning off 2FA.

This is an authorization and workflow design flaw rather than a memory-safety or injection bug. The endpoint conflates "authenticated" with "authorized to change a security-sensitive setting," skipping the step-up verification that 2FA disablement requires. The impact is amplified in shared workstation scenarios, session hijacking cases, or when an attacker holds a stolen bearer token but lacks the physical OTP device.

Root Cause

The root cause is missing validation logic in the disable handler. The backend accepts the disable request based solely on the session's authenticated state and does not compare a submitted OTP or backup code against the user's 2FA secret before clearing it. The upstream fix in commit 7e4c8a5d0d2dbe5bf8fd272ff6acafb27d24744f introduces the required verification step.

Attack Vector

Exploitation requires an authenticated session on the target LibreChat instance. An attacker who has obtained credentials through phishing, credential stuffing, or session theft sends an HTTP request to /api/auth/2fa/disable with the valid session cookie or JWT. The server processes the request and disables 2FA without prompting for an OTP or backup code. The account then relies on password authentication alone, enabling persistence and simplifying subsequent logins from attacker-controlled infrastructure.

The vulnerability mechanism is described in prose because no verified proof-of-concept code is published. Refer to the Huntr Bug Bounty Report and the upstream patch commit for reference.

Detection Methods for CVE-2025-8850

Indicators of Compromise

  • HTTP requests to /api/auth/2fa/disable that are not preceded by a corresponding OTP verification request from the same session.
  • Audit log entries showing twoFactorEnabled transitioning from true to false without a matching OTP validation event.
  • Multiple 2FA disable operations across distinct user accounts originating from the same source IP or user-agent within a short window.

Detection Strategies

  • Instrument the LibreChat application layer to log every call to the 2FA disable endpoint with user ID, source IP, and session identifier.
  • Correlate authentication logs to detect disable operations that occur immediately after logins from new geographies or devices.
  • Alert on account setting changes to 2FA state that lack an associated OTP verification record.

Monitoring Recommendations

  • Forward LibreChat application and reverse-proxy logs to a centralized SIEM for retention and correlation.
  • Track base rates for 2FA disable events per tenant and alert on statistical anomalies.
  • Review MongoDB user documents periodically for unexpected changes in 2FA-related fields.

How to Mitigate CVE-2025-8850

Immediate Actions Required

  • Upgrade LibreChat past version 0.7.9 to a release that includes commit 7e4c8a5d0d2dbe5bf8fd272ff6acafb27d24744f.
  • Audit all accounts for recent 2FA state changes and require affected users to re-enroll 2FA.
  • Rotate session secrets and invalidate active sessions to force re-authentication after patching.

Patch Information

The upstream fix is available in the GitHub commit 7e4c8a5d0d2dbe5bf8fd272ff6acafb27d24744f, which adds OTP and backup code validation to the /api/auth/2fa/disable handler. Administrators should pull the fixed release and redeploy their LibreChat instance. Additional context is available in the Huntr Bug Bounty Report.

Workarounds

  • Place a reverse-proxy rule in front of LibreChat that blocks direct requests to /api/auth/2fa/disable until the patched version is deployed.
  • Enforce short session lifetimes and require re-authentication for sensitive account settings changes at the proxy or WAF layer.
  • Restrict LibreChat administrative access to trusted networks or VPN-authenticated sources to reduce exposure of stolen sessions.
bash
# Example NGINX rule to block the vulnerable endpoint until patching completes
location = /api/auth/2fa/disable {
    return 403;
}

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.