CVE-2025-6853

Name of the Vulnerable Software and Affected Versions: Langchain-Chatchat versions up to 0.3.1

Description: A critical vulnerability has been found in Langchain-Chatchat, affecting the upload temp docs function of the /knowledge base/upload temp docs file in the Backend component. The manipulation of the flag argument leads to path traversal, allowing for remote attacks. The exploit has been publicly disclosed and may be used.

Recommendations: For versions up to 0.3.1, consider disabling the upload temp docs function until a patch is available to prevent path traversal attacks. Restrict access to the /knowledge base/upload temp docs file to minimize the risk of exploitation. Avoid using the flag argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.