CVE-2025-6854

4.3 MEDIUM

📋 TL;DR

This path traversal vulnerability in Langchain-Chatchat allows attackers to access files outside the intended directory via the /v1/files endpoint. It affects all users running vulnerable versions of Langchain-Chatchat, particularly those with internet-facing deployments. The vulnerability can be exploited remotely without authentication.

💻 Affected Systems

Products:
  • Langchain-Chatchat
Versions: up to 0.3.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the /v1/files?purpose=assistants endpoint specifically. All deployments with this endpoint exposed are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could read sensitive system files, configuration files, or source code, potentially leading to credential theft, system compromise, or data exfiltration.

🟠 Likely Case

Unauthorized file reading of application files, configuration files, or adjacent user data within the application's directory structure.

🟢 If Mitigated

Limited impact with proper file permissions and network segmentation, potentially only allowing access to non-sensitive application files.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details have been publicly disclosed in GitHub issue #5353. The vulnerability is straightforward to exploit with basic HTTP requests.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.3.2 or later

Vendor Advisory: https://github.com/chatchat-space/Langchain-Chatchat/issues/5353

Restart Required: Yes

Instructions:

1. Update Langchain-Chatchat to version 0.3.2 or later.
2. Restart the application service.
3. Verify the fix by testing the vulnerable endpoint.

🔧 Temporary Workarounds

Block Vulnerable Endpoint

all

Temporarily block or disable the /v1/files endpoint until patching is complete

# Configure web server (nginx example)
location /v1/files { deny all; }
# Application firewall rule to block /v1/files

Input Validation

all

Implement input validation to reject path traversal sequences

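# Python example for path validation
from pathlib import Path

BASE_PATH = Path('/safe/directory').resolve()

def safe_path(user_input):
    # Resolve the joined path so ../ sequences and symlinks are collapsed first
    requested = (BASE_PATH / user_input).resolve()
    # Compare path components, not string prefixes: a startswith() check
    # would accept a sibling such as /safe/directory_backup
    if requested != BASE_PATH and BASE_PATH not in requested.parents:
        raise ValueError('Path traversal attempt detected')
    return requested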

🧯 If You Can't Patch

  • Implement strict network access controls to limit access to the vulnerable endpoint
  • Deploy a web application firewall (WAF) with path traversal protection rules

🔍 How to Verify

Check if Vulnerable:

Test the endpoint with path traversal payloads like /v1/files?purpose=assistants&filename=../../../etc/passwd and check if it returns unauthorized files

Check Version:

Check the application version in the interface or run: python -c "import langchain_chatchat; print(langchain_chatchat.__version__)"

Verify Fix Applied:

After patching, retest with the same path traversal payloads - they should return errors or be blocked

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /v1/files with ../ sequences in parameters
  • Unusual file access patterns from the application

Network Indicators:

  • Multiple requests to /v1/files with varying path traversal payloads
  • Unusual outbound data transfers following file access

SIEM Query:

source="web_logs" AND uri_path="/v1/files" AND (param="*../*" OR param="*..\\*" OR param="*%2e%2e%2f*")
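
The log indicators above, written as a small detector over access logs. This is an added example, not code from the advisory or from the Langchain-Chatchat project; it assumes combined-format access logs, and the sample lines, IP addresses and function names are constructed for illustration. It goes beyond the wildcard query by decoding repeatedly (so double-encoded sequences are caught) and by matching ".." only as a whole path segment, which avoids flagging names such as report..final.pdf.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jul/2025:10:00:01 +0000] "GET /v1/files?purpose=assistants HTTP/1.1" 200 512
203.0.113.9 - - [01/Jul/2025:10:00:07 +0000] "GET /v1/files?purpose=assistants&filename=../../../etc/passwd HTTP/1.1" 200 1843
203.0.113.9 - - [01/Jul/2025:10:00:09 +0000] "GET /v1/files?purpose=assistants&filename=%252e%252e%252fconfig.yaml HTTP/1.1" 200 977
198.51.100.7 - - [01/Jul/2025:10:01:30 +0000] "GET /v1/files?purpose=assistants&filename=report..final.pdf HTTP/1.1" 200 4096
198.51.100.7 - - [01/Jul/2025:10:02:11 +0000] "GET /v1/chat?q=..%2F..%2Fnotes HTTP/1.1" 200 120
203.0.113.9 - - [01/Jul/2025:10:02:40 +0000] "GET /v1/files?filename=..%5C..%5Cwin.ini HTTP/1.1" 400 90
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:[A-Z]+) (\S+) HTTP/[\d.]+" (\d{3})')
# ".." counts only when it is a complete segment between / or \ separators.
DOTDOT_SEGMENT = re.compile(r'(^|[\\/])\.\.([\\/]|$)')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded payloads are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_traversal(log_text, endpoint="/v1/files"):
    """Return (client_ip, status, param, decoded_value) for suspicious hits."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        ip, target, status = m.group(1), m.group(2), int(m.group(3))
        url = urlsplit(target)
        if fully_decode(url.path).rstrip("/") != endpoint:
            continue  # only the endpoint named in the advisory
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            decoded = fully_decode(value)
            if DOTDOT_SEGMENT.search(decoded):
                hits.append((ip, status, name, decoded))
    return hits

if __name__ == "__main__":
    for hit in find_traversal(SAMPLE_LOG):
        print(hit)
```

The status code in each hit helps triage: a 200 on a flagged request deserves a closer look at what was returned than a 4xx does.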
