CVE-2025-6854.yaml
 1  info:
      # Advisory metadata for CVE-2025-6854; the top-level `rule` key further
      # down is the version condition attached to this record.
      # NOTE(review): `name` is `langchain`, but the summary, the remediation
      # text and the upstream issue link all name Langchain-Chatchat
      # (chatchat-space). Confirm which component fingerprint this record binds
      # to; if it is the LangChain library, the version rule would flag
      # unrelated installs.
 2    name: langchain
 3    cve: CVE-2025-6854
 4    summary: Path traversal vulnerability in Langchain-Chatchat up to version 0.3.1
 5    details: |
 6      The vulnerability allows remote attackers to perform path traversal due to improper input validation in the `/v1/files?purpose=assistants` endpoint. This affects versions up to 0.3.1 and can lead to unauthorized file access.
      # CVSS 3.1 vector: network-reachable, low attack complexity, low
      # privileges required (PR:L), no user interaction, scope unchanged,
      # low confidentiality impact, no integrity or availability impact.
      # PR:L means the "remote attackers" in `details` need some existing
      # level of access; the vector scores 4.3, consistent with MEDIUM below.
 7    cvss: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
 8    severity: MEDIUM
      # NOTE(review): item 1 names 0.3.2 as the fixed release, yet none of the
      # references in this record is a release note or fix commit. Verify that
      # a fixed release exists before treating the upgrade as sufficient;
      # items 2 and 3 are the compensating controls in the meantime.
 9    security_advise: |
10      1. Upgrade to Langchain-Chatchat version 0.3.2 or higher
11      2. Implement strict input validation for file path parameters
12      3. Restrict access to sensitive endpoints with authentication
    # Matches every version up to and including 0.3.1; no lower bound is set.
    # NOTE(review): presumably the consumer compares these as versions, not as
    # strings -- confirm (as plain strings, "0.10.0" would sort below "0.3.1").
13  rule: version <= "0.3.1"
    # Sources: the NVD entry, the upstream issue, and the VulDB entries.
14  references:
15    - https://nvd.nist.gov/vuln/detail/CVE-2025-6854
16    - https://github.com/chatchat-space/Langchain-Chatchat/issues/5353
17    - https://vuldb.com/?ctiid.314326
18    - https://vuldb.com/?id.314326
19    - https://vuldb.com/?submit.601161