CVE-2025-6853

MEDIUM6.3EPSS 0.63%

Langchain-Chatchat has a Path Traversal vulnerability

Published: 6/29/2025Modified: 9/16/2025

Description

A vulnerability classified as critical has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This affects the function upload_temp_docs of the file /knowledge_base/upload_temp_docs of the component Backend. The manipulation of the argument flag leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Affected packages (1)

PyPI/langchain-chatchatfrom 0, <= 0.3.1.3

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
osv	CVSS 3.1	MEDIUM6.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

References (6)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-6853
PATCHhttps://github.com/chatchat-space/Langchain-Chatchat
WEBhttps://github.com/chatchat-space/Langchain-Chatchat/issues/5352
WEBhttps://vuldb.com/?ctiid.314325
WEBhttps://vuldb.com/?id.314325
WEBhttps://vuldb.com/?submit.601155