Key Information
CVE: CVE-2025-7105
Vulnerability Type: CWE-400: Uncontrolled Resource Consumption (Denial of Service)
Severity: Medium (5.7)
Status: Fixed
Affected Version: Latest version (at the time of the report; patched in v0.7.9, see Notes)
Registry: Other
Visibility: Public

Description
Issue: A registered user can abuse the conversation fork feature in danny-avila/librechat to exhaust JavaScript heap memory and take the service down.
Cause: The fork function is not restricted, so an attacker can script thousands of fork requests in a short period. If the forked content is a Mermaid graph, the accumulated forks cause a memory overflow (out-of-memory) after the service restarts.

Proof of Concept
A script is provided to demonstrate the attack; it makes a large number of requests to the fork endpoint.

Impact
Any registered user with access to the service can perform this attack and cause the service to crash after a restart.

Notes
The vulnerability has been patched in version v0.7.9. The issue was fixed and published 7 months ago.
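The missing restriction is a quota on how many forks one account may create per unit of time. The following is an added example, not LibreChat's code and not the advisory's PoC script: a per-user sliding-window rate limiter placed in front of a hypothetical fork handler, with a replay of the PoC pattern (one account firing many fork requests in quick succession) to show that only the first N get through. The route name (`/api/convos/fork`), the limit of 20 forks per minute, the request body shape and the user identifiers are all assumptions for illustration.

```javascript
// Added example (not LibreChat's code): a per-user sliding-window rate limit
// in front of a hypothetical conversation-fork handler, which is the missing
// restriction described in CVE-2025-7105. Route name, limits and request
// shape are assumptions for illustration only.

const FORK_WINDOW_MS = 60_000;    // assumed policy: 1-minute window
const FORK_MAX_PER_WINDOW = 20;   // assumed policy: at most 20 forks per user per window

class SlidingWindowLimiter {
  constructor(windowMs, maxRequests) {
    this.windowMs = windowMs;
    this.max = maxRequests;
    this.hits = new Map(); // userId -> timestamps (ms) of recently accepted requests
  }

  // Returns true and records the hit if the user is under quota, false otherwise.
  // Expired timestamps are pruned on every call so the map cannot grow without bound.
  allow(userId, nowMs) {
    const cutoff = nowMs - this.windowMs;
    const recent = (this.hits.get(userId) || []).filter((t) => t > cutoff);
    const allowed = recent.length < this.max;
    if (allowed) recent.push(nowMs);
    this.hits.set(userId, recent);
    return allowed;
  }
}

// Hypothetical handler for POST /api/convos/fork (assumed route name).
// Returns an HTTP-style status code instead of touching a real response object.
function createForkHandler(limiter) {
  return function handleFork(userId, body, nowMs) {
    if (!userId) return 401;                                          // forking requires a logged-in user
    if (!body || typeof body.conversationId !== 'string') return 400; // malformed request
    if (!limiter.allow(userId, nowMs)) return 429;                    // over quota: refuse before doing any work
    // The real fork (copying the conversation, Mermaid content included) would happen here.
    return 201;
  };
}

// Replays the PoC pattern: one user scripting `count` fork requests `spacingMs`
// apart, starting at `startMs`. Returns how many were accepted and rejected.
function simulateBurst(userId, count, startMs, spacingMs, limiter) {
  const handleFork = createForkHandler(
    limiter || new SlidingWindowLimiter(FORK_WINDOW_MS, FORK_MAX_PER_WINDOW),
  );
  const result = { accepted: 0, rejected: 0 };
  const body = { conversationId: 'conv-1', messageId: 'msg-1' }; // constructed sample request
  for (let i = 0; i < count; i++) {
    const status = handleFork(userId, body, startMs + i * spacingMs);
    if (status === 201) result.accepted++;
    else if (status === 429) result.rejected++;
  }
  return result;
}

// 1000 forks fired 10 ms apart: only the first 20 in the minute are accepted.
function demoBurst() {
  return simulateBurst('attacker', 1000, 0, 10);
}
```

In a real Express deployment this check would sit as middleware on the fork route, keyed on the authenticated user rather than the client IP, so one account cannot evade it by rotating addresses. The in-memory map is per process; a multi-instance deployment needs a shared store (for example Redis) or each instance will grant the full quota independently. A per-user cap on total stored forks is a reasonable second layer, since the advisory's crash occurs on restart when the accumulated content is loaded, not only while the burst is running.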