- Description
- A vulnerability classified as critical has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This affects the function upload_temp_docs of the file /knowledge_base/upload_temp_docs of the component Backend. The manipulation of the argument flag leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
- Source
- cna@vuldb.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 5.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
CVSS 3.1
- Type
- Secondary
- Base score
- 6.3
- Impact score
- 3.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
- Severity
- MEDIUM
CVSS 2.0
- Type
- Secondary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
- cna@vuldb.com
- CWE-22
- Hype score
- Not currently trending
CVE-2025-6853 Path Traversal in Langchain-Chatchat Backend via Argument Manipula... https://t.co/Vjhw9JO9VF Customizable Vulnerability Alerts: https://t.co/U7998fz7yk
@VulmonFeeds
29 Jun 2025
91 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-6853 A vulnerability classified as critical has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This affects the function upload_temp_docs of the file /knowledg… https://t.co/ENRqsg2AYw
@CVEnew
29 Jun 2025
681 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes