{"id":"CVE-2025-6855","details":"A vulnerability, which was classified as critical, has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This issue affects some unknown processing of the file /v1/file. The manipulation of the argument flag leads to path traversal. The exploit has been disclosed to the public and may be used.","aliases":["GHSA-f823-phmg-x5fr"],"modified":"2026-04-10T05:38:12.484155Z","published":"2025-06-29T09:15:24.290Z","references":[{"type":"ADVISORY","url":"https://vuldb.com/?id.314327"},{"type":"ADVISORY","url":"https://vuldb.com/?submit.601162"},{"type":"REPORT","url":"https://github.com/chatchat-space/Langchain-Chatchat/issues/5354"},{"type":"REPORT","url":"https://vuldb.com/?ctiid.314327"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/chatchat-space/langchain-chatchat","events":[{"introduced":"0"},{"last_affected":"a6a9193b5002061719f0eee62c6310bd5b1b7f63"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.3.1"}]}}],"versions":["v0.1.0","v0.1.1","v0.1.10","v0.1.14","v0.1.17","v0.1.2","v0.1.3","v0.1.4","v0.1.5","v0.1.6","v0.1.7","v0.1.9","v0.2.0","v0.2.1","v0.2.2","v0.2.4","v0.2.9","v0.3.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-6855.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}