CVE-2025-6855
BaseFortify
Publication date: 2025-06-29
Last updated on: 2026-04-29
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| chatchat-space | langchain-chatchat | up to 0.3.1 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-6855 is a critical path traversal vulnerability in the Langchain-Chatchat software (versions up to 0.3.1) affecting the backend POST /v1/file endpoint. The vulnerability occurs because the server does not properly validate or sanitize the filename provided during file uploads. An attacker can exploit this by sending specially crafted requests with directory traversal sequences (e.g., "../../../../../") in the filename, allowing them to write arbitrary files outside the intended upload directory on the server. This improper handling of the file path can lead to unauthorized file writes anywhere on the server filesystem. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can have severe impacts including unauthorized arbitrary file writes on the server, which can lead to remote code execution (RCE) by uploading malicious scripts, overwriting critical configuration files, causing system crashes, or destroying system startup scripts. Essentially, an attacker can gain control over the server, compromise system integrity, availability, and confidentiality, potentially resulting in full system compromise. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring and analyzing POST requests to the /v1/file endpoint for suspicious filename parameters containing directory traversal sequences such as "../". Network intrusion detection systems (NIDS) or web application firewalls (WAF) can be configured to alert on such patterns. Additionally, you can use curl or similar tools to test the endpoint manually by sending crafted POST requests with filenames containing traversal sequences to see if the server accepts and writes files outside the intended directory. Example command to test the vulnerability: curl -X POST -F "[email protected];filename=../../../../../test.txt" http://<target-server>/v1/file [1, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include enforcing strict authentication on the /v1/file endpoint to restrict access, and implementing rigorous validation and filtering of the filename parameter to prevent directory traversal sequences. If possible, replace the affected Langchain-Chatchat version with a patched or alternative product. Monitoring and blocking suspicious requests targeting the /v1/file endpoint can also help reduce risk until a fix is applied. [2, 3]
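One way to implement the filename validation recommended above, shown beside the unsafe join pattern the description refers to. This is an added example, not Langchain-Chatchat's code or its patch; the function names, the UnsafeFilename exception and the /srv/uploads directory are hypothetical.

```python
import os
from pathlib import Path, PurePosixPath, PureWindowsPath


class UnsafeFilename(ValueError):
    """Raised when a client-supplied filename must not be used (hypothetical name)."""


def naive_upload_path(base_dir: str, client_filename: str) -> str:
    # Unsafe pattern: the client's filename is joined as-is, so "../"
    # segments or an absolute path resolve outside base_dir.
    return os.path.normpath(os.path.join(base_dir, client_filename))


def safe_upload_path(base_dir: str, client_filename: str) -> Path:
    """Return a path strictly inside base_dir, or raise UnsafeFilename."""
    if not client_filename or "\x00" in client_filename:
        raise UnsafeFilename("empty name or NUL byte")
    # Reject instead of silently rewriting: refuse any directory component,
    # drive prefix or separator in either POSIX or Windows form.
    leaf = PureWindowsPath(PurePosixPath(client_filename).name).name
    if leaf != client_filename or leaf in {".", ".."}:
        raise UnsafeFilename(f"directory components not allowed: {client_filename!r}")
    base = Path(base_dir).resolve()
    target = (base / leaf).resolve()
    # Defence in depth: confirm containment after symlinks are resolved.
    if base not in target.parents:
        raise UnsafeFilename("resolved path escapes upload directory")
    return target


if __name__ == "__main__":
    # Constructed sample filenames, including the traversal form quoted above.
    samples = ["report.pdf", "../../../../../test.txt", "..\\..\\test.txt", "/etc/cron.d/job"]
    for name in samples:
        print("naive:", naive_upload_path("/srv/uploads", name))
        try:
            print("safe: ", safe_upload_path("/srv/uploads", name))
        except UnsafeFilename as exc:
            print("safe:  rejected,", exc)
```

Rejected uploads are worth logging with the source address and the raw filename, since they are the same signal the detection advice above asks a WAF or NIDS to alert on.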