PT-2025-29689 · Lxml+1

Published: 2025-07-15 · Updated: 2026-06-03 · CVE-2025-6985

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: langchain-text-splitters version 0.3.8

Description: The HTMLSectionSplitter class is susceptible to XML External Entity (XXE) attacks because of unsafe XSLT parsing. The class permits the use of arbitrary XSLT stylesheets, which are parsed using lxml.etree.parse() and lxml.etree.XSLT() without any security measures. In lxml versions up to 4.9.x, external entities are resolved by default, potentially allowing attackers to read local files or perform HTTP(S) fetches. In lxml versions 5.0 and above, the XSLT document() function can read any URI unless an XSLTAccessControl is applied. This allows remote attackers to gain read-only access to files the LangChain process can reach, including SSH keys, environment files, source code, or cloud metadata. No authentication or user interaction is required, and the issue is exploitable in default deployments that enable custom XSLT.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
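As an added illustration (not code from the advisory, from LangChain or from lxml), the call chain the description refers to next to a hardened form that applies lxml's XSLTAccessControl and a parser with entity resolution disabled; the two stylesheets and the HTML input are constructed samples, and the file path inside the unsafe stylesheet is a placeholder.

```python
from lxml import etree

# Constructed sample stylesheet: it tries to pull a file in through the
# XSLT document() function, one of the read vectors the advisory names.
# The path is a placeholder, not a real target.
UNSAFE_XSLT = b"""<?xml version="1.0"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:template match="/">
    <out><xsl:copy-of select="document('PLACEHOLDER_LOCAL_FILE.xml')"/></out>
  </xsl:template>
</xsl:stylesheet>"""

# Constructed benign stylesheet that only reshapes the input document.
SAFE_XSLT = b"""<?xml version="1.0"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:template match="/">
    <out><xsl:value-of select="//h1"/></out>
  </xsl:template>
</xsl:stylesheet>"""

# Constructed input document.
SAMPLE_HTML = b"<html><body><h1>Title</h1><p>body text</p></body></html>"


def unsafe_compile(xslt_bytes):
    """The pattern the advisory describes: default parser, no access control,
    so nothing stops document() (or, on lxml < 5, external entities) from
    reading whatever the process can reach."""
    return etree.XSLT(etree.fromstring(xslt_bytes))


def hardened_transform(xslt_bytes, html_bytes):
    """Compile and run a caller-supplied stylesheet with all I/O denied.

    Returns the text of the result's root element, or None when libxslt
    refused an operation (lxml raises XSLTApplyError for a denied read).
    """
    # Hardened parser: no entity resolution, no DTD loading, no network.
    parser = etree.XMLParser(resolve_entities=False, load_dtd=False, no_network=True)
    stylesheet = etree.fromstring(xslt_bytes, parser)
    # Access control: deny file and network reads/writes during the transform,
    # which is what blocks document() on lxml 5.x.
    transform = etree.XSLT(stylesheet, access_control=etree.XSLTAccessControl.DENY_ALL)
    try:
        result = transform(etree.HTML(html_bytes))
    except etree.XSLTApplyError:
        return None
    return result.getroot().text
```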

Weakness Enumeration: XXE

Related Identifiers

CVE-2025-6985
GHSA-M42M-M8CR-8M58

Affected Products

Langchain-Text-Splitters
Lxml