CVE-2025-6853

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-6853

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-6853.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-6853

Aliases

GHSA-qmgv-j263-qr33

Published

2025-06-29T08:15:21.550Z

Modified

2026-04-10T05:38:12.472180Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability classified as critical has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This affects the function uploadtempdocs of the file /knowledgebase/uploadtemp_docs of the component Backend. The manipulation of the argument flag leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

References

Affected packages

Git / github.com/chatchat-space/langchain-chatchat

Affected ranges

Type

GIT

Repo

https://github.com/chatchat-space/langchain-chatchat

Events

Introduced

Last affected

a6a9193b5002061719f0eee62c6310bd5b1b7f63

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.3.1"
        }
    ]
}

Affected versions

v0.*

v0.1.0

v0.1.1

v0.1.10

v0.1.14

v0.1.17

v0.1.2

v0.1.3

v0.1.4

v0.1.5

v0.1.6

v0.1.7

v0.1.9

v0.2.0

v0.2.1

v0.2.2

v0.2.4

v0.2.9

v0.3.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-6853.json"