Vulnerability Description
A vulnerability classified as critical has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This affects the function upload_temp_docs of the file /knowledge_base/upload_temp_docs of the component Backend. The manipulation of the argument flag leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chatchat-Space | Langchain-Chatchat | <= 0.3.1 |
Related Weaknesses (CWE)
References
- https://github.com/chatchat-space/Langchain-Chatchat/issues/5352ExploitIssue Tracking
- https://vuldb.com/?ctiid.314325Permissions RequiredVDB Entry
- https://vuldb.com/?id.314325Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.601155Third Party AdvisoryVDB Entry
- https://github.com/chatchat-space/Langchain-Chatchat/issues/5352ExploitIssue Tracking
FAQ
What is CVE-2025-6853?
CVE-2025-6853 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability classified as critical has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This affects the function upload_temp_docs of the file /knowledge_base/upload_temp_docs of the c...
How severe is CVE-2025-6853?
CVE-2025-6853 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-6853?
Check the references section above for vendor advisories and patch information. Affected products include: Chatchat-Space Langchain-Chatchat.