PT-2025-52859 · Langchain · Langchain

·

CVE-2025-68664

·

Published

2025-12-23

·

Updated

2026-06-29

CVSS v3.1

9.3

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions: LangChain versions prior to 0.3.81 and 1.2.5
Description: A serialization injection vulnerability exists in LangChain's dumps() and dumpd() functions. These functions do not properly escape dictionaries containing 'lc' keys when serializing data. The 'lc' key is used internally by LangChain to identify serialized objects. When user-controlled data includes this key structure, it is incorrectly treated as a legitimate LangChain object during deserialization instead of plain user data. This allows attackers to potentially extract sensitive information, such as environment variables, and potentially execute arbitrary code. The vulnerability is exploitable through prompt injection via LLM responses and can affect various components, including streaming operations and cached data.
Recommendations: Upgrade to LangChain version 0.3.81 or 1.2.5 or later. If upgrading is not immediately possible, restrict deserialization to a predefined allowlist of trusted objects and disable automatic loading of secrets from environment variables. Treat all LLM outputs as untrusted data, especially when serialization or deserialization is involved.

Exploit

Fix

RCE

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2025-68664
ECHO-FB5A-79B4-ED97
GHSA-C67J-W6G6-Q2CM
PYSEC-2026-373

Affected Products

Langchain