CVE-2025-8709

Name of the Vulnerable Software and Affected Versions langgraph-checkpoint-sqlite version 2.0.10

Description A SQL injection vulnerability exists in the LangGraph's SQLite store implementation within the langchain-ai/langgraph repository. The issue stems from improper handling of filter operators ($eq, $ne, $gt, $lt, $gte, $lte) where string concatenation is used directly without proper parameterization. This allows attackers to inject arbitrary SQL code. Successful exploitation can lead to unauthorized access to all documents, the exfiltration of sensitive data like passwords and API keys, and a bypass of application-level security filters.

Recommendations Update to a newer version that contains a fix for this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.