CVE-2025-6854
BaseFortify
Publication date: 2025-06-29
Last updated on: 2026-04-29
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Affected versions |
|---|---|---|
| chatchat-space | langchain-chatchat | up to and including 0.3.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-6854 is a path traversal vulnerability (CWE-22) in the Langchain-Chatchat backend, versions up to and including 0.3.1, reachable through the /v1/files?purpose=assistants endpoint. The server builds a filesystem path from a user-supplied file identifier without canonicalising the result or checking that it still lies under the intended storage directory, so a request whose identifier carries traversal sequences (for example '../../../../etc/passwd') resolves to a file outside that directory and is served back to the requester. The effect is unauthorised read access to arbitrary files on the host, limited only by the permissions of the account running the service. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can impact you by allowing remote attackers to bypass file access restrictions and read arbitrary files on the server hosting Langchain-Chatchat. This can lead to exposure of sensitive information such as system configuration files, API keys, user data, and other confidential files. The exposure of such data can compromise system security, reveal internal system structure, and potentially facilitate further attacks. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Look for requests to the /v1/files endpoint whose file identifier contains traversal sequences. Two forms matter: raw or percent-encoded '../' (and '..\') in the request path or query string, and base64-encoded identifiers that only reveal the traversal once decoded. A plain pattern match on the access log catches the first form, for example `grep -E '\.\./|\.\.\\|%2e%2e%2f' /path/to/access.log` (add `-i` for mixed-case encodings); it does not catch the second, because the encoded identifier is an opaque token such as `Li4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==`. To cover that case, extract the identifier from every /v1/files request, base64-decode it and test the decoded value for traversal. Keep in mind that a reverse proxy in front of the application may normalise '../' out of the path before the request is logged, so the decoded-identifier check is the more reliable of the two. The published proof of concept consists of GET requests to the endpoint with a base64-encoded file_id that decodes to a traversal path; replaying such a request against a system you are authorised to test confirms exposure if the response carries the contents of a file outside the upload directory. [1, 3]
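The decoding-aware log check described above, written out as an added example (this is not code from the BaseFortify page or from the Langchain-Chatchat project). It scans access-log lines in common log format, keeps only requests under /v1/files, and flags an entry when the raw path, its percent-decoded form, or the base64 decoding of a path segment or query value contains a `..` path component. The log lines are constructed for the example; the request shapes (`/v1/files/<file_id>/content`, `?purpose=assistants`) follow the endpoint named on this page, and the exact parameter layout of the real proof of concept is an assumption.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample access-log lines for the example. Line 3 carries
# base64("../../../../etc/passwd"), line 5 carries base64("uploads/report.pdf").
SAMPLE_LOG = """\
10.0.0.5 - - [29/Jun/2025:10:00:01 +0000] "GET /v1/files?purpose=assistants HTTP/1.1" 200 512
10.0.0.7 - - [29/Jun/2025:10:00:02 +0000] "GET /v1/files/../../../../etc/passwd HTTP/1.1" 404 0
10.0.0.9 - - [29/Jun/2025:10:00:03 +0000] "GET /v1/files/Li4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==/content HTTP/1.1" 200 1024
10.0.0.9 - - [29/Jun/2025:10:00:04 +0000] "GET /v1/files/..%2F..%2F..%2Fetc%2Fshadow HTTP/1.1" 403 0
10.0.0.4 - - [29/Jun/2025:10:00:05 +0000] "GET /v1/files/dXBsb2Fkcy9yZXBvcnQucGRm/content HTTP/1.1" 200 2048
"""

# A ".." path component, delimited by / or \ or the string boundary.
TRAVERSAL_RE = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
# Standard or URL-safe base64 alphabet with optional padding.
B64_RE = re.compile(r"^[A-Za-z0-9+/_-]+={0,2}$")
# Request line inside a common-log-format entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def text_forms(value):
    """Raw, percent-decoded and double-percent-decoded forms of a value (deduplicated)."""
    return list(dict.fromkeys([value, unquote(value), unquote(unquote(value))]))


def b64_decode_if_possible(token):
    """Decode a token as (URL-safe or standard) base64, or return None if it is not base64.
    Tokens shorter than 8 characters are skipped: they are too short to encode a traversal."""
    if len(token) < 8 or not B64_RE.fullmatch(token):
        return None
    std = token.replace("-", "+").replace("_", "/")
    std += "=" * (-len(std) % 4)
    try:
        return base64.b64decode(std, validate=True).decode("utf-8", errors="replace")
    except (binascii.Error, ValueError):
        return None


def traversal_indicators(target):
    """Return [(kind, decoded_value), ...] for a request target under /v1/files."""
    parsed = urlparse(target)
    if not parsed.path.startswith("/v1/files"):
        return []
    query_values = [v for vals in parse_qs(parsed.query, keep_blank_values=True).values() for v in vals]
    found = []
    # 1. Raw or percent-encoded traversal in the path or any query value.
    for value in [parsed.path] + query_values:
        for form in text_forms(value):
            if TRAVERSAL_RE.search(form):
                found.append(("plain", form))
                break
    # 2. Base64-encoded identifiers: every path segment and every query value.
    for piece in [s for s in parsed.path.split("/") if s] + query_values:
        decoded = b64_decode_if_possible(piece)
        if decoded is not None and TRAVERSAL_RE.search(decoded):
            found.append(("base64", decoded))
    return found


def scan_log(text):
    """Return [(client_ip, request_target, indicators), ...] for suspicious /v1/files requests."""
    hits = []
    for line in text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        indicators = traversal_indicators(match.group("target"))
        if indicators:
            hits.append((line.split()[0], match.group("target"), indicators))
    return hits


if __name__ == "__main__":
    for ip, target, indicators in scan_log(SAMPLE_LOG):
        print(f"{ip}  {target}")
        for kind, value in indicators:
            print(f"    {kind}: {value!r}")
```

The second pass is what makes this useful for CVE-2025-6854: the encoded identifier in line 3 contains no dot or slash, so neither `grep '\.\./'` nor a WAF rule on the raw URL would see it, while `b64_decode_if_possible` turns it back into `../../../../etc/passwd`. Feed a real log through `scan_log` and review every hit, paying particular attention to those with a 200 status and a non-trivial response size.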
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps are: restrict the vulnerable endpoint to authenticated and authorised users, and where possible to trusted networks only, using firewall rules or an authenticating reverse proxy in front of the service; add strict validation of the file identifier so that the decoded value is canonicalised and rejected unless the resulting path is a strict descendant of the intended storage directory (rejecting '..' components alone is insufficient, because absolute paths and symbolic links can also escape it); and monitor the endpoint for exploitation attempts. At the time of the VulDB entry no official patch or countermeasure had been reported, in which case replacing the affected software with an alternative product is the recommended course; check the project's release notes for a later fixed version before doing so. [2, 3]
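The validation step above, shown as an added example in the project's language (Python); this is illustrative code, not the Langchain-Chatchat source or a patch for it. The upload root, the helper names and the assumption that the file identifier is a URL-safe base64 encoding of a relative path are all assumptions made for the example. `resolve_file_id_unsafe` is the pattern that produces a CWE-22 condition (decode, join, serve); `resolve_file_id` canonicalises the joined path with symlinks followed and refuses anything that is not a strict descendant of the root.

```python
import base64
import binascii
import tempfile
from pathlib import Path


def encode_file_id(relative_path: str) -> str:
    """Assumed identifier scheme: unpadded URL-safe base64 of a path relative to the upload root."""
    return base64.urlsafe_b64encode(relative_path.encode("utf-8")).decode("ascii").rstrip("=")


def decode_file_id(file_id: str) -> str:
    """Inverse of encode_file_id; raises ValueError on malformed input."""
    padded = file_id + "=" * (-len(file_id) % 4)
    try:
        return base64.urlsafe_b64decode(padded).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("malformed file_id") from exc


def resolve_file_id_unsafe(file_id: str, base_dir: Path) -> Path:
    """Vulnerable pattern (illustrative): join the decoded value and trust the result.
    A decoded '../../../../etc/passwd' walks straight out of base_dir."""
    return base_dir / decode_file_id(file_id)


def resolve_file_id(file_id: str, base_dir: Path) -> Path:
    """Hardened resolver: the returned path is guaranteed to lie strictly inside base_dir."""
    relative = decode_file_id(file_id)
    if not relative or "\x00" in relative or Path(relative).is_absolute():
        raise ValueError("rejected file_id")
    root = base_dir.resolve()
    # resolve() collapses '..' components and follows symbolic links, so the
    # containment check below is made on the path the OS would actually open.
    candidate = (root / relative).resolve()
    if root not in candidate.parents:
        raise ValueError("path escapes base directory")
    return candidate


def demo() -> dict:
    """Exercise both resolvers against a throwaway upload root and report the outcomes."""
    base = Path(tempfile.mkdtemp(prefix="chatchat-files-"))
    (base / "report.pdf").write_bytes(b"sample")
    results = {}
    results["benign"] = resolve_file_id(encode_file_id("report.pdf"), base).read_bytes()
    escaping = encode_file_id("../../../../etc/passwd")
    unsafe_target = resolve_file_id_unsafe(escaping, base).resolve()
    results["unsafe_escapes"] = base.resolve() not in unsafe_target.parents
    for label, bad_id in (("safe_rejects", escaping), ("absolute_rejected", encode_file_id("/etc/hostname"))):
        try:
            resolve_file_id(bad_id, base)
            results[label] = False
        except ValueError:
            results[label] = True
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The containment test is `root not in candidate.parents` rather than a string-prefix comparison such as `str(candidate).startswith(str(root))`, because the prefix form accepts a sibling directory like `/srv/uploads-old` when the root is `/srv/uploads`.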