Base Score

MEDIUM4.3

CVE-2025-6854

A vulnerability classified as problematic was found in chatchat-space Langchain-Chatchat up to 0.3.1. This vulnerability affects unknown code of the file /v1/files?purpose=assistants. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

VectorNETWORK

Published Bycna@vuldb.com

Published DateJun 29, 2025, 09:15

Affected Versions(1)

langchain-chatchat(PyPI)

Introduced0

FixedN/A

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
langchain-chatchat(PyPI)	0	N/A	N/A

Weakness Type (CWE):CWE-22

CVSS Metrics

Base Score

5.3

Vector String

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Base Severity

MEDIUM

Version

4.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)

References

Base Score

MEDIUM4.3

Weakness Type (CWE):CWE-22

CVSS Metrics

Base Score

5.3

Vector String

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Base Severity

MEDIUM

Version

4.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)