
LangChain Core serialization injection flaw (CVE-2025-68664)

Vulnerability

Summary


LangChain Core disclosed CVE-2025-68664, a CVSS 9.3 serialization injection flaw: attacker-controlled dictionaries carrying an 'lc' key can be treated as trusted LangChain objects during deserialization, putting secrets and LLM responses at risk. The issue affects langchain-core 1.x releases from 1.0.0 up to but not including 1.2.5, and 0.3.x releases before 0.3.81; a patch is available. The flaw matters because exploitation can enable prompt injection, secret extraction, and potentially arbitrary code execution.


Timeline

  1. 26.12.2025 11:27 · 1 article

    Yarden Porat reports LangChain Core serialization injection flaw

    Technical Analysis Update

    Security researcher Yarden Porat reports a serialization injection flaw in LangChain Core's dumps() and dumpd() functions, which fail to escape user-controlled dictionaries containing 'lc' keys. As a result, attacker-controlled content can be treated as a LangChain object during deserialization, potentially enabling secret extraction and prompt injection.

  2. 26.12.2025 11:27 · 2 articles

    LangChain discloses CVE-2025-68664 and patched versions

    Initial Disclosure

    LangChain publicly discloses CVE-2025-68664, codenamed LangGrinch, as a CVSS 9.3 serialization injection issue in langchain-core affecting 1.x releases from 1.0.0 up to but not including 1.2.5, and 0.3.x releases before 0.3.81. It recommends updating to the fixed releases, which add allowed_objects allowlisting, block Jinja2 templates by default, and set secrets_from_env to False.

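The 'lc'-key mechanism described in the timeline, as an added defensive example that is not LangChain's own code: a pre-check that walks untrusted JSON and reports every dictionary the langchain-core loader would read as a serialized object, plus a hypothetical renaming scheme to neutralize them (the escaping used by the actual patch is different and is not reproduced here). The sample input, the key name untrusted_lc and the function names are all constructed for this example.

```python
import json
from typing import Any


def find_lc_markers(obj: Any, path: str = "$") -> list[str]:
    """Return JSONPath-style locations of every dict carrying an 'lc' key.

    langchain-core treats a dict with an 'lc' key as a serialized object, so
    any such dict arriving inside untrusted input deserves a log line.
    """
    hits: list[str] = []
    if isinstance(obj, dict):
        if "lc" in obj:
            hits.append(path)
        for key, value in obj.items():
            hits.extend(find_lc_markers(value, f"{path}.{key}"))
    elif isinstance(obj, list):
        for idx, value in enumerate(obj):
            hits.extend(find_lc_markers(value, f"{path}[{idx}]"))
    return hits


def neutralize_lc_markers(obj: Any) -> Any:
    """Return a copy with every 'lc' key renamed to 'untrusted_lc'.

    Hypothetical scheme (assumption, not langchain-core's fix): the loader no
    longer sees an object marker, but the user's data survives for display.
    """
    if isinstance(obj, dict):
        return {("untrusted_lc" if k == "lc" else k): neutralize_lc_markers(v)
                for k, v in obj.items()}
    if isinstance(obj, list):
        return [neutralize_lc_markers(v) for v in obj]
    return obj


# Constructed sample: user-supplied metadata smuggling an object marker.
UNTRUSTED_JSON = json.dumps({
    "content": "hello",
    "additional_kwargs": {
        "note": "benign",
        "payload": {"lc": 1, "type": "constructor", "id": ["x", "Y"]},
    },
})


def check_untrusted(raw: str) -> tuple[list[str], Any]:
    """Parse untrusted JSON, report marker locations, return a safe copy."""
    data = json.loads(raw)
    return find_lc_markers(data), neutralize_lc_markers(data)


if __name__ == "__main__":
    locations, safe = check_untrusted(UNTRUSTED_JSON)
    print("lc markers at:", locations)      # ['$.additional_kwargs.payload']
    print("neutralized:", json.dumps(safe))
```

Run the check on any JSON that originates from users or tool outputs before it is handed to dumps()/dumpd() or to a loader; the location list is what you would ship to your SIEM.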