CVE-2025-68664
LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs
Description
LangChain is a framework for building agents and LLM-powered applications. Prior to versions 0.3.81 and 1.2.5, a serialization injection vulnerability exists in LangChain's dumps() and dumpd() functions. The functions do not escape dictionaries with 'lc' keys when serializing free-form dictionaries. The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data contains this key structure, it is treated as a legitimate LangChain object during deserialization rather than plain user data. This issue has been patched in versions 0.3.81 and 1.2.5.
INFO
Published Date :
Dec. 23, 2025, 11:15 p.m.
Last Modified :
Jan. 13, 2026, 3:58 p.m.
Remotely Exploit :
Yes !
Source :
[email protected]
Affected Products
The following products are affected by CVE-2025-68664
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | CRITICAL | [email protected] | ||||
| CVSS 3.1 | HIGH | [email protected] |
Solution
- Update LangChain to version 0.3.81 or higher.
- Update LangChain to version 1.2.5 or higher.
Public PoC/Exploit Available at Github
CVE-2025-68664 has a 32 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2025-68664.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2025-68664 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2025-68664
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
None
Python
None
Python
Scan AI agents for security and policy risks with 180 checks for safer deployments
agent-skills agile ai-safety apple bypass-mode claude-code developer-tools github-copilot ios open-source safety software-architecture swift tool-poisoning tvos
Dockerfile Python Shell TypeScript
43 Tier S+A skills explosive combinaison — optimisés THREX (Python bot aiogram MCP). Extrait consolidé ~1209 skills scannés via 4 waves exploration. Battre Hermes/OpenClaw/LangChain.
Python HTML JavaScript Shell TypeScript
Repo containing an example of the langrinch vulnerability
Python
None
Dockerfile Python Shell TypeScript
Hybrid classical + post-quantum (NIST FIPS 204 ML-DSA-65) digital receipts for AI agent decisions. First production MCP server with offline-verifiable post-quantum signing.
ai-agents ai-safety cnsa-2 cryptographic-receipts cryptography crystals-dilithium ed25519 eu-ai-act fips-204 mcp ml-dsa-65 model-context-protocol owasp-asi post-quantum-cryptography prompt-injection-defense python responsible-ai agentic-diffusion cve-2026-25253 trustatom
Python
None
Makefile Python Shell JavaScript HTML CSS PowerShell Dockerfile Kotlin Swift
A practitioner-focused reference for AI/ML security — attacks, tools, research, and defenses. Covers offensive AI, securing AI systems, AI-assisted security operations, and governance.
Open-source cross-modal and multimodal prompt injection test suite. 250,000+ attack payloads across text, image, document, and audio modalities. Research-backed by OWASP LLM Top 10, CrossInject (ACM MM 2025), FigStep (AAAI 2025), DolphinAttack, and CSA 2026.
Python Shell
A curated timeline of real AI agent security incidents, breaches, and vulnerabilities (2024-2026). Every entry sourced and dated.
ai-agent-security ai-agents ai-security awesome-list cybersecurity llm-security mcp-security prompt-injection supply-chain-security adversarial-attacks agent-security agentic-ai ai-attacks ai-safety cve incident-response owasp red-team security-research vulnerability
Security scanner for MCP-connected AI agent pipelines — 77 rules, 13 scanners, OWASP Agentic 10/10, GitHub Action, SARIF, compliance mapping
ai-agent ai-security claude-code github-action mcp mcp-security owasp sarif scanner security supply-chain-security tool-poisoning ai-agent-security ai-safety security-scanner static-analysis
Python Dockerfile Shell TypeScript
Learn agent fundamentals from scratch in one day (about 9 hours)! I wrote this tutorial to show that agents are actually very simple. 零基础一天 (9小时)学完agent!写这个教程就是想告诉大家,Agent其实非常简单!
Python
None
HTML Shell
None
Python Dockerfile Shell JavaScript HTML CSS
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2025-68664 vulnerability anywhere in the article.
-
The Hacker News
⚡ Weekly Recap: MongoDB Attacks, Wallet Breaches, Android Spyware, Insider Crime & More
Dec 29, 2026Ravie LakshmananHacking News / Cybersecurity Last week's cyber news in 2025 was not about one big incident. It was about many small cracks opening at the same time. Tools people trust ev ... Read more
-
CybersecurityNews
M-Files Vulnerability Let Attacker Capture Session Tokens of Other Active Users
An information disclosure vulnerability in M-Files Server enables authenticated attackers to capture and reuse session tokens from active users. Potentially gaining unauthorized access to sensitive do ... Read more
-
The Hacker News
Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection
Dec 26, 2025Ravie LakshmananAI Security / DevSecOps A critical security flaw has been disclosed in LangChain Core that could be exploited by an attacker to steal sensitive secrets and even influence ... Read more
-
CybersecurityNews
Critical Langchain Vulnerability Let attackers Exfiltrate Sensitive Secrets from AI systems
A critical vulnerability in LangChain’s core library (CVE-2025-68664) allows attackers to exfiltrate sensitive environment variables and potentially execute code through deserialization flaws. Discove ... Read more
-
Daily CyberSecurity
The “lc” Leak: Critical 9.3 Severity LangChain Flaw Turns Prompt Injections into Secret Theft
A critical vulnerability was found in LangChain, the popular open-source framework used to power Large Language Model (LLM) agents. The flaw, tracked as CVE-2025-68664, carries a severe CVSS score of ... Read more
The following table lists the changes that have been made to the
CVE-2025-68664 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Reanalysis by [email protected]
Jan. 13, 2026
Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:* versions up to (excluding) 0.3.81 *cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:* versions from (including) 1.0.0 up to (excluding) 1.2.5 OR *cpe:2.3:a:langchain:langchain_core:*:*:*:*:*:python:*:* versions up to (excluding) 0.3.81 *cpe:2.3:a:langchain:langchain_core:*:*:*:*:*:python:*:* versions from (including) 1.0.0 up to (excluding) 1.2.5 -
Initial Analysis by [email protected]
Jan. 13, 2026
Action Type Old Value New Value Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Added CPE Configuration OR *cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:* versions up to (excluding) 0.3.81 *cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:* versions from (including) 1.0.0 up to (excluding) 1.2.5 Added Reference Type GitHub, Inc.: https://github.com/langchain-ai/langchain/commit/5ec0fa69de31bbe3d76e4cf9cd65a6accb8466c8 Types: Patch Added Reference Type GitHub, Inc.: https://github.com/langchain-ai/langchain/commit/d9ec4c5cc78960abd37da79b0250f5642e6f0ce6 Types: Patch Added Reference Type GitHub, Inc.: https://github.com/langchain-ai/langchain/pull/34455 Types: Issue Tracking, Patch Added Reference Type GitHub, Inc.: https://github.com/langchain-ai/langchain/pull/34458 Types: Issue Tracking, Patch Added Reference Type GitHub, Inc.: https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D0.3.81 Types: Release Notes Added Reference Type GitHub, Inc.: https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D1.2.5 Types: Release Notes Added Reference Type GitHub, Inc.: https://github.com/langchain-ai/langchain/security/advisories/GHSA-c67j-w6g6-q2cm Types: Exploit, Vendor Advisory Added Reference Type CISA-ADP: https://github.com/langchain-ai/langchain/security/advisories/GHSA-c67j-w6g6-q2cm Types: Exploit, Vendor Advisory -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Dec. 24, 2025
Action Type Old Value New Value Added Reference https://github.com/langchain-ai/langchain/security/advisories/GHSA-c67j-w6g6-q2cm -
New CVE Received by [email protected]
Dec. 23, 2025
Action Type Old Value New Value Added Description LangChain is a framework for building agents and LLM-powered applications. Prior to versions 0.3.81 and 1.2.5, a serialization injection vulnerability exists in LangChain's dumps() and dumpd() functions. The functions do not escape dictionaries with 'lc' keys when serializing free-form dictionaries. The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data contains this key structure, it is treated as a legitimate LangChain object during deserialization rather than plain user data. This issue has been patched in versions 0.3.81 and 1.2.5. Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N Added CWE CWE-502 Added Reference https://github.com/langchain-ai/langchain/commit/5ec0fa69de31bbe3d76e4cf9cd65a6accb8466c8 Added Reference https://github.com/langchain-ai/langchain/commit/d9ec4c5cc78960abd37da79b0250f5642e6f0ce6 Added Reference https://github.com/langchain-ai/langchain/pull/34455 Added Reference https://github.com/langchain-ai/langchain/pull/34458 Added Reference https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D0.3.81 Added Reference https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D1.2.5 Added Reference https://github.com/langchain-ai/langchain/security/advisories/GHSA-c67j-w6g6-q2cm