
CVE-2025-7104: CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes in danny-avila danny-avila/librechat

Medium
Tags: Vulnerability, CVE-2025-7104, cve, cve-2025-7104, cwe-915
Published: Mon Sep 29 2025 (09/29/2025, 17:10:59 UTC)
Source: CVE Database V5
Vendor/Project: danny-avila
Product: danny-avila/librechat

Description

A mass assignment vulnerability exists in danny-avila/librechat, affecting all versions. This vulnerability allows attackers to manipulate sensitive fields by automatically binding user-provided data to internal object properties or database fields without proper filtering. As a result, any extra fields in the request body are included in agentData and passed to the database layer, allowing overwriting of any field in the schema, such as author, access_level, isCollaborative, and projectIds. Additionally, Object.prototype can be polluted due to the use of Object.assign with spread operators.

AI-Powered Analysis

AI analysis last updated: 09/29/2025, 17:12:38 UTC

Technical Analysis

CVE-2025-7104 is a medium severity vulnerability classified under CWE-915, which pertains to Improperly Controlled Modification of Dynamically-Determined Object Attributes. This vulnerability affects the danny-avila/librechat project across all versions. The core issue is a mass assignment flaw where user input is automatically bound to internal object properties or database fields without adequate filtering or validation. Specifically, extra fields included in a request body are merged into the agentData object and subsequently passed to the database layer. This allows an attacker to overwrite sensitive schema fields such as author, access_level, isCollaborative, and projectIds. Furthermore, the use of Object.assign combined with spread operators leads to the risk of Object Prototype Pollution, which can have broader implications on application behavior and security. The vulnerability is remotely exploitable without authentication (AV:N/PR:N), but requires user interaction (UI:R), such as submitting crafted requests. The impact on confidentiality is limited (C:L), with no direct impact on integrity or availability (I:N/A:N). No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability arises from insufficient input validation and improper handling of dynamic object attributes in JavaScript code, which is common in Node.js or frontend frameworks that rely on object merging techniques.

Potential Impact

For European organizations using danny-avila/librechat, this vulnerability could lead to unauthorized modification of sensitive application data, potentially allowing attackers to escalate privileges, alter project collaboration settings, or manipulate access controls. Although the direct impact on data confidentiality, integrity, and availability is limited, the ability to overwrite critical fields like access_level or projectIds can indirectly facilitate privilege escalation or unauthorized data access. This could affect organizations relying on LibreChat for internal communication or project management, especially those handling sensitive or regulated data. The risk is heightened in environments where user input is not otherwise sanitized or where additional security controls are lacking. Given the medium CVSS score and the requirement for user interaction, the threat is moderate but should not be underestimated, especially in sectors with strict compliance requirements such as finance, healthcare, or government within Europe.

Mitigation Recommendations

To mitigate this vulnerability, organizations should implement strict input validation and sanitization to ensure that only expected and safe fields are accepted from user input. Specifically, developers should avoid using Object.assign or spread operators on untrusted data without explicit whitelisting of allowed fields. Employing a robust schema validation library (e.g., Joi, Yup) to enforce strict typing and field constraints before data binding is recommended. Additionally, isolating sensitive fields from user-modifiable data structures can prevent unauthorized overwrites. Monitoring and logging unusual modifications to critical fields such as access_level or projectIds can help detect exploitation attempts. Since no official patches are currently available, organizations should consider applying custom patches or workarounds that restrict mass assignment. Finally, educating developers on secure coding practices related to object property assignment and prototype pollution is essential to prevent similar issues in the future.


Technical Details

Data Version: 5.1
Assigner Short Name: @huntr_ai
Date Reserved: 2025-07-05T18:30:20.348Z
CVSS Version: 3.0
State: PUBLISHED

Threat ID: 68dabdf79d147c79351e02c1

Added to database: 9/29/2025, 5:12:23 PM

Last enriched: 9/29/2025, 5:12:38 PM

Last updated: 9/29/2025, 7:30:48 PM
