Langchain-Chatchat has a Path Traversal vulnerability

GHSA-qmgv-j263-qr33 · CVE-2025-6853

Published Jun 29, 2025 · Modified Sep 16, 2025

Description

A vulnerability classified as critical has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This affects the function upload_temp_docs of the file /knowledge_base/upload_temp_docs of the component Backend. The manipulation of the argument flag leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-6853
WEB https://github.com/chatchat-space/Langchain-Chatchat/issues/5352
PACKAGE https://github.com/chatchat-space/Langchain-Chatchat
WEB https://vuldb.com/?ctiid.314325
WEB https://vuldb.com/?id.314325
WEB https://vuldb.com/?submit.601155

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes