CVE-2025-67644

7.3 HIGH

📋 TL;DR

CVE-2025-67644 is an SQL injection vulnerability in LangGraph SQLite Checkpoint that allows attackers to manipulate SQL queries through metadata filter keys. Applications using vulnerable versions that accept untrusted metadata filter keys in checkpoint search operations are affected. The vulnerability stems from improper input validation in the _metadata_predicate() function.

💻 Affected Systems

Products:
  • LangGraph SQLite Checkpoint
Versions: 3.0.0 and below
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects applications that use metadata filter keys in checkpoint search operations. If applications don't use metadata filtering or properly validate keys, risk is reduced.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full database compromise including data theft, modification, or deletion; potential remote code execution depending on SQLite configuration and database permissions.

🟠

Likely Case

Unauthorized data access, data manipulation, or denial of service through malicious SQL queries.

🟢

If Mitigated

Limited impact if applications validate/sanitize metadata filter keys before passing to checkpoint operations.

🌐 Internet-Facing: HIGH if application accepts user-controlled metadata filter keys in checkpoint operations exposed to external users.
🏢 Internal Only: MEDIUM if only internal users can supply metadata filter keys, but still poses data integrity risks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires the ability to control metadata filter keys in checkpoint operations. No public exploit code is known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.0.1

Vendor Advisory: https://github.com/langchain-ai/langgraph/security/advisories/GHSA-9rwj-6rc7-p77c

Restart Required: No

Instructions:

1. Update LangGraph SQLite Checkpoint to version 3.0.1 or higher.
2. Run: pip install --upgrade "langgraph-checkpoint-sqlite>=3.0.1"
3. No restart required, but ensure applications reload the updated package.

🔧 Temporary Workarounds

Input Validation/Sanitization

all

Implement strict validation of metadata filter keys before passing to checkpoint operations. Only allow alphanumeric characters and underscores.

Disable Metadata Filtering

all

If metadata filtering is not required, disable or avoid using metadata filter keys in checkpoint operations.

🧯 If You Can't Patch

  • Implement strict input validation for all metadata filter keys - only allow known safe values.
  • Use parameterized queries or ORM layers instead of direct SQL construction for checkpoint operations.
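
The two mitigations above (key validation and parameterized queries) combined in one place, as an added example that is not the project's own code or its actual patch. The function names, the length limit, and the `checkpoints`/`metadata` demo schema are assumptions made for illustration.

```python
import json
import re
import sqlite3

# Workaround rule from this page: alphanumeric characters and underscores only.
SAFE_KEY = re.compile(r"[A-Za-z0-9_]+")
MAX_KEY_LEN = 64  # assumption: arbitrary length bound, not from the advisory


def validate_filter(filter_):
    """Return the filter unchanged if every key is safe; raise ValueError otherwise."""
    for key in filter_:
        if not isinstance(key, str) or len(key) > MAX_KEY_LEN or not SAFE_KEY.fullmatch(key):
            raise ValueError(f"rejected metadata filter key: {key!r}")
    return filter_


def safe_metadata_where(filter_):
    """Build a WHERE fragment in which the JSON path and the value are both bound."""
    clauses, params = [], []
    for key, value in validate_filter(filter_).items():
        clauses.append("json_extract(metadata, ?) = ?")  # no key text in the SQL string
        params += [f"$.{key}", value]
    return " AND ".join(clauses), params


def search(conn, filter_):
    """Return thread ids whose metadata matches every key/value in the filter."""
    where, params = safe_metadata_where(filter_)
    sql = "SELECT thread_id FROM checkpoints" + (f" WHERE {where}" if where else "")
    return sorted(row[0] for row in conn.execute(sql, params))


def demo_db():
    """Constructed in-memory table; the schema is illustrative, not the library's."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE checkpoints (thread_id TEXT, metadata TEXT)")
    rows = [("t1", {"source": "input", "step": 1}), ("t2", {"source": "loop", "step": 2})]
    conn.executemany("INSERT INTO checkpoints VALUES (?, ?)",
                     [(tid, json.dumps(meta)) for tid, meta in rows])
    return conn


if __name__ == "__main__":
    db = demo_db()
    print(search(db, {"source": "loop", "step": 2}))
    try:
        search(db, {"not a safe key'": 1})  # constructed key that fails validation
    except ValueError as exc:
        print(exc)
```

Calling validate_filter() on any externally supplied filter before it reaches the checkpoint search also works as a standalone guard while the package is still on a vulnerable version.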

🔍 How to Verify

Check if Vulnerable:

Check if using LangGraph SQLite Checkpoint version 3.0.0 or below and if application code passes user-controlled data to metadata filter keys in checkpoint operations.

Check Version:

pip show langgraph-checkpoint-sqlite | grep Version

Verify Fix Applied:

Verify LangGraph SQLite Checkpoint version is 3.0.1 or higher and review code to ensure metadata filter keys are properly validated.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in SQLite logs
  • Unexpected database errors from checkpoint operations
  • Suspicious metadata filter patterns

Network Indicators:

  • N/A - local SQLite database vulnerability

SIEM Query:

Search for SQL error messages containing 'sqlite3' or 'checkpoint' in application logs, particularly with unusual metadata key patterns.
