CVE-2025-68664
LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs
Description
LangChain is a framework for building agents and LLM-powered applications. Prior to versions 0.3.81 and 1.2.5, a serialization injection vulnerability exists in LangChain's dumps() and dumpd() functions. The functions do not escape dictionaries with 'lc' keys when serializing free-form dictionaries. The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data contains this key structure, it is treated as a legitimate LangChain object during deserialization rather than plain user data. This issue has been patched in versions 0.3.81 and 1.2.5.
INFO
Published Date :
Dec. 23, 2025, 11:15 p.m.
Last Modified :
Jan. 13, 2026, 3:58 p.m.
Remotely Exploit :
Yes !
Source :
[email protected]
Affected Products
The following products are affected by CVE-2025-68664
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | CRITICAL | [email protected] | ||||
| CVSS 3.1 | HIGH | [email protected] |
Solution
- Update LangChain to version 0.3.81 or higher.
- Update LangChain to version 1.2.5 or higher.
Public PoC/Exploit Available at Github
CVE-2025-68664 has a 13 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2025-68664.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2025-68664 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2025-68664
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Curated knowledge base tracking pickle deserialization vulnerabilities in ML frameworks. For GRC professionals and security teams.
Python
Unified toolkit for AI-powered repository analysis, monitoring, and code review
Just Python CSS Batchfile Shell Dockerfile HTML PowerShell PLpgSQL
None
https://genai.owasp.org/initiatives/#ai-redteaming
Makefile Python JavaScript Dockerfile Shell
None
Python
None
JavaScript HTML CSS TypeScript
A testing framework to identify and demonstrate deserialization vulnerabilities in LangChain Core (<0.3.81). Educational use only
Python
Local database for: Security vulnerabilities inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Makefile Python
None
Python
🛡️ AI Security Platform: Defense (256 engines) + Offense (39K+ payloads) | OWASP LLM Top 10 | Red Team toolkit for AI | Protect & Pentest your LLMs
adversarial-attacks ai-firewall ai-safety ai-security cybersecurity jailbreak-detection llm-guard llm-security mitre-atlas prompt-injection python ai-red-team llm-attacks offensive-security owasp penetration-testing waf-bypass agentic-ai-security mcp-security multimodal-security
HTML Dockerfile Python CSS JavaScript Shell Jupyter Notebook YARA Go CMake
一个 CVE 漏洞预警知识库,无 exp/poc,部分包含修复方案。A knowledge base of CVE security vulnerability, no PoCs/exploits.
Hacker News
HTML JavaScript Shell
None
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2025-68664 vulnerability anywhere in the article.
-
The Hacker News
⚡ Weekly Recap: MongoDB Attacks, Wallet Breaches, Android Spyware, Insider Crime & More
Dec 29, 2026Ravie LakshmananHacking News / Cybersecurity Last week's cyber news in 2025 was not about one big incident. It was about many small cracks opening at the same time. Tools people trust ev ... Read more
-
CybersecurityNews
M-Files Vulnerability Let Attacker Capture Session Tokens of Other Active Users
An information disclosure vulnerability in M-Files Server enables authenticated attackers to capture and reuse session tokens from active users. Potentially gaining unauthorized access to sensitive do ... Read more
-
The Hacker News
Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection
Dec 26, 2025Ravie LakshmananAI Security / DevSecOps A critical security flaw has been disclosed in LangChain Core that could be exploited by an attacker to steal sensitive secrets and even influence ... Read more
-
CybersecurityNews
Critical Langchain Vulnerability Let attackers Exfiltrate Sensitive Secrets from AI systems
A critical vulnerability in LangChain’s core library (CVE-2025-68664) allows attackers to exfiltrate sensitive environment variables and potentially execute code through deserialization flaws. Discove ... Read more
-
Daily CyberSecurity
The “lc” Leak: Critical 9.3 Severity LangChain Flaw Turns Prompt Injections into Secret Theft
A critical vulnerability was found in LangChain, the popular open-source framework used to power Large Language Model (LLM) agents. The flaw, tracked as CVE-2025-68664, carries a severe CVSS score of ... Read more
The following table lists the changes that have been made to the
CVE-2025-68664 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Reanalysis by [email protected]
Jan. 13, 2026
Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:* versions up to (excluding) 0.3.81 *cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:* versions from (including) 1.0.0 up to (excluding) 1.2.5 OR *cpe:2.3:a:langchain:langchain_core:*:*:*:*:*:python:*:* versions up to (excluding) 0.3.81 *cpe:2.3:a:langchain:langchain_core:*:*:*:*:*:python:*:* versions from (including) 1.0.0 up to (excluding) 1.2.5 -
Initial Analysis by [email protected]
Jan. 13, 2026
Action Type Old Value New Value Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Added CPE Configuration OR *cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:* versions up to (excluding) 0.3.81 *cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:* versions from (including) 1.0.0 up to (excluding) 1.2.5 Added Reference Type GitHub, Inc.: https://github.com/langchain-ai/langchain/commit/5ec0fa69de31bbe3d76e4cf9cd65a6accb8466c8 Types: Patch Added Reference Type GitHub, Inc.: https://github.com/langchain-ai/langchain/commit/d9ec4c5cc78960abd37da79b0250f5642e6f0ce6 Types: Patch Added Reference Type GitHub, Inc.: https://github.com/langchain-ai/langchain/pull/34455 Types: Issue Tracking, Patch Added Reference Type GitHub, Inc.: https://github.com/langchain-ai/langchain/pull/34458 Types: Issue Tracking, Patch Added Reference Type GitHub, Inc.: https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D0.3.81 Types: Release Notes Added Reference Type GitHub, Inc.: https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D1.2.5 Types: Release Notes Added Reference Type GitHub, Inc.: https://github.com/langchain-ai/langchain/security/advisories/GHSA-c67j-w6g6-q2cm Types: Exploit, Vendor Advisory Added Reference Type CISA-ADP: https://github.com/langchain-ai/langchain/security/advisories/GHSA-c67j-w6g6-q2cm Types: Exploit, Vendor Advisory -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Dec. 24, 2025
Action Type Old Value New Value Added Reference https://github.com/langchain-ai/langchain/security/advisories/GHSA-c67j-w6g6-q2cm -
New CVE Received by [email protected]
Dec. 23, 2025
Action Type Old Value New Value Added Description LangChain is a framework for building agents and LLM-powered applications. Prior to versions 0.3.81 and 1.2.5, a serialization injection vulnerability exists in LangChain's dumps() and dumpd() functions. The functions do not escape dictionaries with 'lc' keys when serializing free-form dictionaries. The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data contains this key structure, it is treated as a legitimate LangChain object during deserialization rather than plain user data. This issue has been patched in versions 0.3.81 and 1.2.5. Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N Added CWE CWE-502 Added Reference https://github.com/langchain-ai/langchain/commit/5ec0fa69de31bbe3d76e4cf9cd65a6accb8466c8 Added Reference https://github.com/langchain-ai/langchain/commit/d9ec4c5cc78960abd37da79b0250f5642e6f0ce6 Added Reference https://github.com/langchain-ai/langchain/pull/34455 Added Reference https://github.com/langchain-ai/langchain/pull/34458 Added Reference https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D0.3.81 Added Reference https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D1.2.5 Added Reference https://github.com/langchain-ai/langchain/security/advisories/GHSA-c67j-w6g6-q2cm