{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T13:53:27.400","vulnerabilities":[{"cve":{"id":"CVE-2025-7105","sourceIdentifier":"security@huntr.dev","published":"2026-02-02T11:16:17.340","lastModified":"2026-04-15T14:34:27.800","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in danny-avila/librechat allows attackers to exploit the unrestricted Fork Function in `/api/convos/fork` to fork numerous contents rapidly. If the forked content includes a Mermaid graph with a large number of nodes, it can lead to a JavaScript heap out of memory error upon service restart, causing a denial of service. This issue affects the latest version of the product."},{"lang":"es","value":"Una vulnerabilidad en danny-avila/librechat permite a los atacantes explotar la función Fork sin restricciones en /api/convos/fork para bifurcar numerosos contenidos rápidamente. Si el contenido bifurcado incluye un gráfico Mermaid con un gran número de nodos, puede provocar un error de agotamiento de memoria del heap de JavaScript al reiniciar el servicio, causando una denegación de servicio. Este problema afecta a la última versión del producto."}],"metrics":{"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":3.6}]},"weaknesses":[{"source":"security@huntr.dev","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]}],"references":[{"url":"https://github.com/danny-avila/librechat/commit/97a99985fa339db0a21ad63604e0bb8db4442ffc","source":"security@huntr.dev"},{"url":"https://huntr.com/bounties/e44f0740-48bd-443b-8826-528e6afe9e34","source":"security@huntr.dev"}]}}]}