The FBI warns that Scattered Spider is now targeting the airline sector

Source: https://securityaffairs.com/179413/cyber-crime/the-fbi-warns-that-scattered-spider-is-now-targeting-the-airline-sector.html

The FBI has issued a warning that the threat actor group known as Scattered Spider has shifted its focus to target the airline sector. Scattered Spider is a cybercriminal group previously associated with various cyber intrusions, often involving social engineering, credential theft, and exploitation of vulnerabilities to gain unauthorized access to corporate networks. While specific technical details about the attack vectors or exploited vulnerabilities in this campaign are not provided, the targeting of the airline sector suggests a strategic intent to disrupt critical infrastructure, steal sensitive data, or conduct financially motivated attacks such as ransomware or fraud. The airline industry is a complex ecosystem involving multiple stakeholders including airlines, airports, and service providers, all of which rely heavily on interconnected IT systems for operations, reservations, and communications. The FBI's warning indicates an increased risk of cyberattacks that could impact operational continuity, passenger data confidentiality, and potentially safety-critical systems. Although no known exploits or specific vulnerabilities have been identified in this alert, the medium severity rating reflects the potential for significant disruption given the critical nature of the airline sector. The lack of detailed technical indicators or patches suggests that organizations should focus on strengthening their overall cybersecurity posture, monitoring for suspicious activity, and preparing incident response plans tailored to threats from sophisticated actors like Scattered Spider.

Reddit InfoSec News

Detailed information about The FBI warns that Scattered Spider is now targeting the airline sector. Get real-time updates, technical details, and mitigation str

The FBI warns that Scattered Spider is now targeting the airline sector - Live Threat Intelligence - Threat Radar | OffSeq.com

The FBI warns that Scattered Spider is now targeting the airline sector

Reddit Discussion: The FBI warns that Scattered Spider is now targeting the airline sector

A vulnerability classified as problematic was found in chatchat-space Langchain-Chatchat up to 0.3.1. This vulnerability affects unknown code of the file /v1/files?purpose=assistants. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-6854 is a path traversal vulnerability identified in the chatchat-space Langchain-Chatchat product, specifically affecting versions 0.3.0 and 0.3.1. The vulnerability resides in the handling of requests to the /v1/files?purpose=assistants endpoint. Path traversal vulnerabilities occur when an attacker can manipulate file path parameters to access files and directories outside the intended scope, potentially exposing sensitive data or system files. In this case, the vulnerability allows remote attackers to craft requests that traverse directories on the server, potentially accessing unauthorized files. The CVSS 4.0 base score is 5.3, indicating a medium severity level. The vector indicates the attack is network accessible (AV:N), requires low attack complexity (AC:L), no authentication (AT:N), no privileges (PR:L - low privileges), no user interaction (UI:N), and limited impact on confidentiality (VC:L), with no impact on integrity or availability. The exploit has been publicly disclosed, increasing the risk of exploitation, though no known exploits in the wild have been reported yet. The vulnerability's root cause is insufficient validation or sanitization of file path input parameters, allowing directory traversal sequences (e.g., ../) to escape the intended directory boundaries. This can lead to unauthorized file access, which may expose sensitive configuration files, credentials, or other critical data stored on the server hosting Langchain-Chatchat. Given the product's use in AI assistant or chatbot frameworks, unauthorized access could also lead to leakage of user data or internal system information. The lack of authentication requirement and remote exploitability make this vulnerability particularly concerning for exposed deployments. However, the limited impact on integrity and availability reduces the risk of destructive attacks such as data modification or denial of service. No official patches or mitigation links have been provided yet, so organizations must rely on temporary mitigations and monitoring until a fix is available.

CVE Database V5

Detailed information about CVE-2025-6854: Path Traversal in chatchat-space Langchain-Chatchat affecting chatchat-space Langchain-Chatchat. Get real-time updates

CVE-2025-6854: Path Traversal in chatchat-space Langchain-Chatchat - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-6854: Path Traversal in chatchat-space Langchain-Chatchat

A vulnerability classified as critical has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This affects the function upload_temp_docs of the file /knowledge_base/upload_temp_docs of the component Backend. The manipulation of the argument flag leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-6853 is a path traversal vulnerability identified in the Langchain-Chatchat product developed by chatchat-space, specifically affecting versions 0.3.0 and 0.3.1. The vulnerability resides in the Backend component, within the upload_temp_docs function located in the /knowledge_base/upload_temp_docs file. The issue arises due to improper validation or sanitization of the 'flag' argument, which an attacker can manipulate to perform a path traversal attack. This allows an attacker to access or overwrite files outside the intended directory scope on the server hosting the application. The vulnerability can be exploited remotely without requiring user interaction or authentication, increasing its risk profile. Although the CVSS v4.0 score is 5.3, categorizing it as medium severity, the potential impact includes unauthorized access to sensitive files, data leakage, or even modification of critical files, which could lead to further compromise of the system. The exploit has been publicly disclosed, but there are no confirmed reports of active exploitation in the wild as of the published date (June 29, 2025). The attack vector is network-based with low attack complexity and no privileges required, but the impact on confidentiality, integrity, and availability is limited to low levels, which aligns with the medium severity rating. The vulnerability does not require user interaction, making it easier for attackers to automate exploitation attempts. No patches or mitigations have been officially released yet, increasing the urgency for affected organizations to implement compensating controls.

Detailed information about CVE-2025-6853: Path Traversal in chatchat-space Langchain-Chatchat affecting chatchat-space Langchain-Chatchat. Get real-time updates

CVE-2025-6853: Path Traversal in chatchat-space Langchain-Chatchat - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-6853: Path Traversal in chatchat-space Langchain-Chatchat

A vulnerability has been found in code-projects Simple Forum 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /forum1.php. The manipulation of the argument File leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-6850 is a SQL Injection vulnerability identified in version 1.0 of the code-projects Simple Forum software, specifically within an unspecified functionality of the /forum1.php file. The vulnerability arises from improper sanitization or validation of the 'File' argument, which can be manipulated by an attacker to inject malicious SQL code. This injection flaw allows an attacker to execute arbitrary SQL commands on the backend database remotely without requiring any authentication or user interaction. The vulnerability has been publicly disclosed, increasing the risk of exploitation, although no known exploits have been observed in the wild yet. The CVSS 4.0 base score is 5.3, indicating a medium severity level, reflecting that while the attack vector is network-based and requires low attack complexity, it does require some privileges (PR:L) and results in low impact on confidentiality, integrity, and availability. The vulnerability does not involve scope or security requirements changes. The lack of available patches or mitigations from the vendor at this time increases the urgency for organizations to implement compensating controls. SQL Injection vulnerabilities are critical because they can lead to unauthorized data access, data modification, or even full system compromise depending on the database privileges and backend architecture. Given that the Simple Forum software is a web-based discussion platform, exploitation could lead to data leakage of user information, defacement, or further pivoting into internal networks.

Detailed information about CVE-2025-6850: SQL Injection in code-projects Simple Forum affecting code-projects Simple Forum. Get real-time updates, technical det

CVE-2025-6850: SQL Injection in code-projects Simple Forum - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-6850: SQL Injection in code-projects Simple Forum

A vulnerability, which was classified as critical, has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This issue affects some unknown processing of the file /v1/file. The manipulation of the argument flag leads to path traversal. The exploit has been disclosed to the public and may be used.

Detailed information about CVE-2025-6855: Path Traversal in chatchat-space Langchain-Chatchat affecting chatchat-space Langchain-Chatchat. Get real-time updates

CVE-2025-6855: Path Traversal in chatchat-space Langchain-Chatchat

CVE-2025-6855: Path Traversal in chatchat-space Langchain-Chatchat

Description

Technical Details

Related Threats

CVE-2025-6854: Path Traversal in chatchat-space Langchain-Chatchat

CVE-2025-6853: Path Traversal in chatchat-space Langchain-Chatchat

CVE-2025-6850: SQL Injection in code-projects Simple Forum

CVE-2025-6848: Unrestricted Upload in code-projects Simple Forum

CVE-2025-6847: SQL Injection in code-projects Simple Forum

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility