2 matches found
CVE-2025-7105
The CVE-2025-7105 entry concerns danny-avila/librechat where an unrestricted Fork Function at /api/convos/fork allows rapid forking of content. If a forked item contains a Mermaid graph with many nodes, a JavaScript heap out of memory error can occur on service restart, causing a Denial of Servic...
Using Mermaid to cause JS memory overflow and service downtime
Description: LibreChat has many means of limiting the rate, which can be found at https://www.librechat.ai/docs/configuration/librechatyaml/objectstructure/configratelimits. However, it can be found that the Fork Function in /api/convos/fork is not restricted, which allows attackers to fork...