CVE-2025-6853: A vulnerability classified as critical has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This affects the
Summary
CVE-2025-6853 is a critical vulnerability in Langchain-Chatchat version 0.3.1 and earlier. It is a path traversal flaw (an attack in which manipulated file paths are used to reach files outside the intended directory) in the upload_temp_docs backend function, triggered by manipulating the flag argument. The vulnerability can be exploited remotely by users with basic access permissions, and the exploit details have been publicly disclosed.
Vulnerability Details
6.3 (medium)
EPSS: 0.1%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-6853
First tracked: February 15, 2026 at 08:35 PM
Classified by LLM (prompt v3) · confidence: 85%