CVE-2025-68664
📋 TL;DR
A serialization injection vulnerability in LangChain's dumps() and dumpd() functions allows attackers to inject malicious data that gets treated as legitimate LangChain objects during deserialization. This affects all LangChain applications using these functions with user-controlled input. The vulnerability enables arbitrary object deserialization which can lead to remote code execution.
💻 Affected Systems
- LangChain
- LangChain Core
📦 What is this software?
Langchain Core by Langchain
Langchain Core by Langchain
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise, data theft, and lateral movement within the environment.
Likely Case
Arbitrary code execution within the application context, potentially allowing data exfiltration, privilege escalation, or denial of service.
If Mitigated
Limited impact with proper input validation and sanitization, potentially causing application crashes or unexpected behavior.
🎯 Exploit Status
Exploitation requires user input to reach vulnerable serialization functions, but the injection itself is straightforward.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.3.81 or 1.2.5
Vendor Advisory: https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D0.3.81
Restart Required: No
Instructions:
1. Update LangChain Core: pip install --upgrade langchain-core>=0.3.81
2. Update LangChain: pip install --upgrade langchain>=1.2.5
3. Test serialization functions with your application data
🔧 Temporary Workarounds
Input Validation and Sanitization
allSanitize user input to remove or escape 'lc' keys before passing to serialization functions
Disable Vulnerable Functions
allReplace dumps() and dumpd() with custom serialization that escapes 'lc' keys
🧯 If You Can't Patch
- Implement strict input validation to reject dictionaries containing 'lc' keys
- Use WAF rules to detect and block serialization payloads containing 'lc' key patterns
🔍 How to Verify
Check if Vulnerable:
Check if your code uses langchain.loads() or related functions with user-controlled data containing dictionariesCheck Version:
pip show langchain-core | grep Version && pip show langchain | grep VersionVerify Fix Applied:
Test that dictionaries with 'lc' keys are properly escaped during serialization and treated as plain data📡 Detection & Monitoring
Log Indicators:
- Unexpected deserialization errors
- Unusual process execution from LangChain context
- Stack traces containing langchain.loads()
Network Indicators:
- Unusual outbound connections from LangChain processes
- Data exfiltration patterns
SIEM Query:
source="application_logs" AND ("langchain.loads" OR "serialization error") AND ("lc" OR "injection")🔗 References
- https://github.com/langchain-ai/langchain/commit/5ec0fa69de31bbe3d76e4cf9cd65a6accb8466c8
- https://github.com/langchain-ai/langchain/commit/d9ec4c5cc78960abd37da79b0250f5642e6f0ce6
- https://github.com/langchain-ai/langchain/pull/34455
- https://github.com/langchain-ai/langchain/pull/34458
- https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D0.3.81
- https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D1.2.5
- https://github.com/langchain-ai/langchain/security/advisories/GHSA-c67j-w6g6-q2cm
- https://github.com/langchain-ai/langchain/security/advisories/GHSA-c67j-w6g6-q2cm
