PT-2025-50558 · Sqlite+1 · Sqlite+1
Published: 2025-12-10 · Updated: 2026-04-17
CVE-2025-67644
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
LangGraph versions 3.0.0 and below
Description
The LangGraph SQLite Checkpoint component, which saves checkpoint data to SQLite databases, is susceptible to SQL injection in versions 3.0.0 and below. The metadata predicate() function interpolates filter keys directly into SQL queries using f-strings, without proper validation. Attackers can manipulate SQL queries through metadata filter keys, potentially impacting applications that handle untrusted metadata filter keys during checkpoint search operations.
Recommendations
Update to version 3.0.1 or later.
SQL injection
Affected Products
Langgraph
Sqlite