AI description
CVE-2025-68664 is a serialization injection vulnerability found in LangChain, a framework used for building agents and LLM-powered applications. The vulnerability exists in versions prior to 0.3.81 and 1.2.5, specifically within the `dumps()` and `dumpd()` functions. These functions fail to properly escape dictionaries containing the `'lc'` key during serialization. The `'lc'` key is used internally by LangChain to identify serialized objects. When user-controlled data includes this key structure, the system incorrectly interprets it as a legitimate LangChain object during deserialization, rather than treating it as plain user data. This can allow attackers to exfiltrate sensitive environment variables and potentially execute code. The vulnerability has been addressed in versions 0.3.81 and 1.2.5.
- Description
- LangChain is a framework for building agents and LLM-powered applications. Prior to versions 0.3.81 and 1.2.5, a serialization injection vulnerability exists in LangChain's dumps() and dumpd() functions. The functions do not escape dictionaries with 'lc' keys when serializing free-form dictionaries. The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data contains this key structure, it is treated as a legitimate LangChain object during deserialization rather than plain user data. This issue has been patched in versions 0.3.81 and 1.2.5.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- langchain_core
CVSS 3.1
- Type
- Primary
- Base score
- 8.2
- Impact score
- 4.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
- Severity
- HIGH
- security-advisories@github.com
- CWE-502
- Hype score
- Not currently trending
LangChain has a critical vulnerability. CVSS 9.3. Prompt injection and data exposure. CVE-2025-68664. In the core framework powering millions of AI agent deployments. Not a misconfiguration. Not a deployment error. The... #RuntimeAI #AIGovernance #AIAgents #CISO #CFO https://t
@RuntimeAI_io
29 Apr 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
3 critical LangChain CVEs just dropped. CVE-2026-34070: path traversal (CVSS 7.5) CVE-2025-68664: API key leakage (CVSS 9.3) CVE-2025-67644: SQL injection (CVSS 7.3) 52 million downloads/week. When did you last test your LangChain agent? pip install crucible-security Link in Bio
@Crucible_Sec
25 Apr 2026
1 Impression
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
LangChain 1.0安定版リリースと同時期にCVE-2025-68664(CVSS 9.3)シリアライゼーションインジェクション・シークレット漏洩が公開。安定版移行は推奨だが、移行前に現行パイプラインの脆弱性スキャンを先に実施
@aidriven1234
21 Apr 2026
140 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
LangChain in production? Three moves today: 1. Upgrade langchain-core to 1.2.5 / 0.3.81+ 2. Audit flows calling dumps() on LLM output 3. Block outbound env var egress LangGrinch (CVE-2025-68664, CVSS 9.3) leaks secrets via the lc key. #LangChain #AISecurity
@NYsquaredAI
10 Apr 2026
156 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
LangChain利用中の方へ! ①core 1.2.5/0.3.81+へ更新 ②dumps()通過のLLM出力監査 ③env外部送信を遮断 LangGrinch(CVE-2025-68664・CVSS 9.3)で秘密情報流出。 #LangChain
@NYsquaredAI
10 Apr 2026
161 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
3 serious CVEs just dropped for LangChain + LangGraph: - CVE-2025-68664 (CVSS 9.3): API keys & env secrets leak via unsafe deserialization - CVE-2026-34070 (CVSS 7.5): Path traversal -- arbitrary file read - CVE-2025-67644 (CVSS 7.3): SQL injection into conversation history
@NYsquaredAI
4 Apr 2026
256 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
LangChain CVE-2025-68664 (CVSS 9.3): serialized payloads exfiltrate secrets during tool execution. patch exists. interesting deployment strategy: ship the vulnerability, defer the fix, hope nobody notices. (they noticed.) → https://t.co/hGJ1lZs0GN #CVE #AgentSecurity #LLMOps
@theagentcop
4 Apr 2026
180 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-68664: CVSS 9.3 serialization flaw in LangChain Core enables secret extraction via prompt injection. if your agent runs langchain-core<0.3.81, you're leaking credentials right now. patch immediately. #AIAgents #LLMSecurity #CVE
@theagentcop
3 Apr 2026
127 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
LangChainにCVSS 9.3の重大脆弱性「LangGrinch」(CVE-2025-68664)。dumps()/dumpd()のデシリアライゼーションがプロンプトインジェクションと組み合わさりAPIキー・AWSシークレットが漏洩する。週5,200万DLのパッケージが対
@aidriven1234
2 Apr 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-68664: LangChain Serialization Flaw - What It Means for Your Business and How to Respond https://t.co/7VGMEWncrh
@integ_sec
1 Apr 2026
168 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Three vulnerabilities in LangChain & LangGraph: path traversal flaw (CVE-2026-34070, CVSS 7.5) exposed files, deserialization bug (CVE-2025-68664, CVSS 9.3) leaked API keys. #security #LangChain #LangGraph
@bigmacd16684
30 Mar 2026
143 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
📢 𝐍𝐞𝐰 𝐂𝐕𝐄 𝐚𝐧𝐚𝐥𝐲𝐬𝐢𝐬 𝐣𝐮𝐬𝐭 𝐝𝐫𝐨𝐩𝐩𝐞𝐝! Uncover how CVE-2025-68664 exposes critical deserialization flaws in LangChain and LangGraph, risking data leaks and cloud exposure across AI deployments. 📖 Check th
@PurpleOps_io
28 Mar 2026
100 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 BREAKING: Three critical flaws just dropped for LangChain & LangGraph — the AI frameworks powering millions of enterprise deployments. CVE-2025-68664 (CVSS 9.3): An attacker can use prompt injection to make your LLM exfiltrate your own API keys. https://t.co/GrBSYPpHc
@nxtgen579255
28 Mar 2026
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
TRC analysis shows attackers exploiting LangChain deserialization flaws to inject malicious data and access environment secrets (CVE-2025-68664). Initial compromise leads to credential theft, then lateral movement across cloud services. Runtime segmentation helps contain
@aviatrixtrc
27 Mar 2026
92 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 LangChain重大脆弱性 CVE-2025-68664(CVSS 9.3)12の脆弱なフローで秘密情報漏洩・任意コード実行の可能性。LangChain.jsも影響。早急なパッチ適用を https://t.co/MJ1fEqufOP #LangChain #セキュリティ #脆弱性
@neural_nw_ai
19 Mar 2026
176 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-68664: ALERTA CRÍTICA POR INYECCIÓN DE SERIALIZACIÓN EN EL FRAMEWORK LANGCHAIN https://t.co/Er1JxJ1fw7
@KernelReload
15 Mar 2026
128 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Clear the session, clear the threat. That assumption just failed. LangChain CVE-2025-68664 demonstrated how malicious instructions in LLM response fields persist through serialization cycles. One prompt injection in cached data becomes durable compromise. The instruction doesn't
@_MrDecentralize
10 Mar 2026
96 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-68664 (LangGrinch): LangChain deserializes LLM-influenced data as trusted objects. Prompt injection → secret leakage. We recreated 2000s serialization bugs, but with AI. "Autonomous agents" in prod without architecture review. A tutorial of what NOT to do.
@CisoRaging77913
16 Feb 2026
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
3 Replies
0 Quotes
Prompt security isn’t enough. LangGrinch (CVE-2025-68664) in langchain-core. Patch 0.3.81+ or 1.2.5+. Agent SDKs are Tier 1 deps. In your patch SLA? https://t.co/UuPcWRy84B #SupplyChainSecurity #Cybersecurity https://t.co/GC0yfT8E4X
@Wisr_AI
4 Feb 2026
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A high-severity serialization injection vulnerability in langchain-core (CVE-2025-68664) enables secret extraction and malicious effects via an unescaped lc marker. Mitigations include patched upgrades and Defender integrations. #LangChain #AppSec https://t.co/bPdlcX2fwD
@TweetThreatNews
1 Feb 2026
197 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
A serialization injection flaw (CVE-2025-68664, “LangGrinch”) in langchain-core Python package enables attackers to instantiate malicious objects via reserved lc key. Microsoft patches and detection tools available. #LangChain #SerializationFlaw https://t.co/25g2FJfxxW
@TweetThreatNews
1 Feb 2026
191 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Microsoft Case Study: LangGrinch (CVE-2025-68664) Shows How AI Framework Bugs Become Supply-Chain Exploits Microsoft breaks down “LangGrinch” (CVE-2025-68664, CVSS 9.3) in LangChain Core—a serialization/deserialization injection via the reserved `lc` marker that can l
@ThreatSynop
30 Jan 2026
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 [ ADVISORY ] CASE_LOG_001 AI output is UNTRUSTED input. LangGrinch (CVE-2025-68664) proves prompt injection = RCE. Sandbox your agents now. [ 🔻 LINK ] https://t.co/TW3Gg2Ma5B #CyberSecurityAwareness #artificial_intelligence https://t.co/y8Z68XYNPL
@MatrixSecHub
29 Jan 2026
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical RCE in LangChain Core (847M+ downloads) CVE-2025-68664 allows unsafe deserialization via LLM outputs, enabling secret exfiltration, SSRF, and potential RCE across common LangChain workflows. While most teams are still assessing impact and planning patches, Root ht
@Teamrootio
6 Jan 2026
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 LangChain Core [—] Jan 05, 2026 Comprehensive Product Security Advisory and Risk Assessment for LangChain Core Serialization Injection Vulnerability (CVE-2025-68664) and Associated Agent System Risks. Checkout our Threat Intelligence Platform:... https://t.co/kk0AjBZt6m
@transilienceai
5 Jan 2026
70 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Started publishing weekly roundups of what's happening in #AppSec world 🌎 MongoDB CVE that hit self-hosted instances tokenless CSRF making it into OWASP guidance OpenPGP implementation bugs. LangChain CVE-2025-68664 TruffleHog's JWT liveness checks.
@sshivasurya
5 Jan 2026
114 Impressions
0 Retweets
3 Likes
0 Bookmarks
1 Reply
1 Quote
⚠️ LangChain Core Vulnerability Allows Prompt Injection and Data Exposure (CVE-2025-68664) https://t.co/16fpPePCc4 A critical flaw in LangChain Core’s serialization functions (dumps()/dumpd()) lets attackers inject malicious object structures via prompt injection and uns
@Huntio
3 Jan 2026
513 Impressions
3 Retweets
6 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 LangChain.js [—] Jan 03, 2026 Critical Security Advisory: CVE-2025-68664 LangChain Serialization Injection & Related Vulnerabilities Checkout our Threat Intelligence Platform: https://t.co/QuwNtEgYh1 https://t.co/QuwNtEgYh1 #ThreatIntelligence https://t.co/LcCl4WTpzf
@transilienceai
3 Jan 2026
90 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Two critical vulnerabilities were published December 23, 2025 affecting LangChain Python (CVE-2025-68664, CVSS 9.3) and JavaScript (CVE-2025-68665, CVSS 8.6). Both are serialization injection flaws in dumps(), dumpd(), and toJSON() methods. The vulnerability: User-controlled
@ignorePriorSec
30 Dec 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Two critical vulnerabilities were published December 23, 2025 affecting LangChain Python (CVE-2025-68664, CVSS 9.3) and JavaScript (CVE-2025-68665, CVSS 8.6). Both are serialization injection flaws in dumps(), dumpd(), and toJSON() methods. The vulnerability: User-controlled
@ignorePriorSec
29 Dec 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
este CVE-2025-68664 esta medio escondido entre la demas pila de cosas que hay para el fin de año. Langchain es un framework para desarrollos con AI y sus devs seguro lo han probado. critical serialization injection vulnerability affecting the LangChain framework
@hmier
29 Dec 2025
120 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Warning: Multiple vulnerabilities in #LangChain. #CVE-2025-68664 CVSS: 9.3 #CVE-2025-68665 CVSS: 8.6. These are both serialization injection vulnerabilities. #Patch #Patch #Patch https://t.co/ljDdkgeamx
@CCBalert
29 Dec 2025
267 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Your AI agent can leak your keys without anyone hacking you. Opinion: LLM output is untrusted input. Cost: one leak means rotated keys, blown budget, and a week of cleanup. Proof: LangChain CVE-2025-68664 (9.3 Critical). dumps()/dumpd() can treat a user dict with a reserved “l
@AITools20
29 Dec 2025
191 Impressions
0 Retweets
0 Likes
0 Bookmarks
2 Replies
0 Quotes
🚨 LangChain Core Critical Flaw CVE-2025-68664 (CVSS 9.3) enables serialization injection, exposing secrets & enabling prompt-based attacks in LLM apps. 🔍 Details via Vulert 👉https://t.co/do7Wstb9Nh #LangChain #CVE #AISecurity #DevSecOps
@vulert_official
29 Dec 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
LangChain Core has a critical bug that lets attackers extract secrets and steer LLM output. The issue, CVE-2025-68664 (CVSS 9.3), abuses how user data with lc keys is deserialized as trusted objects. Prompt injection can trigger it through normal LLM responses. https://t.co/fCmM
@FartslonF
27 Dec 2025
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 LangGrinch: Critical LangChain-Core Bug Enables Secret Theft via Serialization Injection (CVE-2025-68664) Attackers can inject crafted `lc`-key objects through user-influenced fields (e.g., `metadata`, `additional_kwargs`, `response_metadata`) so `dumps()/dumpd()` content is
@ThreatSynop
27 Dec 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical LangChain Serialization Injection Bug Exposes Secrets and May Enable Code Execution A critical flaw in langchain-core (CVE-2025-68664) lets attackers inject crafted “lc” structures so user-controlled data is treated as LangChain objects during deserialization,
@ThreatSynop
27 Dec 2025
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical LangChain Flaw Lets Attackers Exfiltrate Secrets via Unsafe Deserialization A critical bug in langchain-core serialization (CVE-2025-68664) enables prompt/LLM-output–influenced data to trigger unsafe deserialization paths (e.g., logging/streaming/caching), leaking
@ThreatSynop
27 Dec 2025
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
How CVE-2025-68664 Allows Hackers to Siphon Your Private Data Directly from the vLLM Engine Read the full report on - https://t.co/9Aji9Icga9 https://t.co/NeYgkLm8Pj
@cyberbivash
27 Dec 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical LangChain Core Vulnerability: "LangGrinch" (CVE-2025-68664, CVSS 9.3) 🚨 Prompt injection exploits a serialization flaw in dumps()/dumpd() — failing to escape the internal "lc" key lets tainted LLM output get deserialized as trusted objects. Result: Secret leaks
@adenner
27 Dec 2025
109 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Critical LangChain Vulnerability (CVE-2025-68664) Puts LLM Apps at Risk #Cybersecurity #cyashadotcom #JanaNayaganAudioLaunch https://t.co/MoAsUFrqjj
@cyashadotcom
27 Dec 2025
358 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-68664: patch LangChain now. Read More: https://t.co/XMxW6mlYZP #Sec #Vuln #Patch #LangChain #Sec #Vuln #Patch #LangChain
@true_redfence
27 Dec 2025
54 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【LangChain CoreのCVE-2025-68664、修正版公開】 langchain-coreのdumps()/dumpd()で、ユーザー入力に含まれる予約キー「lc」が適切にエスケープされず、load()/loads()でLangChainオブジェクトとして扱われ得る脆弱性(CVE-2025-68664)
@LangChainJP
27 Dec 2025
976 Impressions
1 Retweet
8 Likes
2 Bookmarks
1 Reply
0 Quotes
LangChain CVE-2025-68664 (CVSS 9.3) 🚨 Prompt Injection is now triggering Deserialization! 🤯 The game has changed. Hunters, are you fuzzing lc keys or doing deep Code Review for this? 👇 @rez0__ @zwt @nahamsec @Jhaddix @securibee @Rhynorater https://t.co/FZAIXRobD
@MRTUFAN_BD
27 Dec 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Falha crítica no LangChain Core permite roubo de segredos e manipulação de respostas: Vulnerabilidade CVE-2025-68664 permite injeção de objetos via serialização, expondo dados sensíveis e possibilitando execuções maliciosas; atualização urgente é recomendada. https:/
@caveiratech
26 Dec 2025
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
All I Want for Christmas Is Your Secrets: LangGrinch hits LangChain Core (CVE-2025-68664) - Cyata | The Control Plane for Agentic Identity https://t.co/jpzB5SIQXB # #devtalk
@dev_talk
26 Dec 2025
67 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🔍 𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐕𝐄 𝐛𝐫𝐞𝐚𝐤𝐝𝐨𝐰𝐧 𝐚𝐯𝐚𝐢𝐥𝐚𝐛𝐥𝐞 𝐧𝐨𝐰! Is your LangChain app leaking secrets? Uncover how CVE-2025-68664 enables injection attacks and what steps you must take to secure your AI stack.
@PurpleOps_io
26 Dec 2025
66 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-68664 - Lord of the Strings: The Return of the 'lc' Key --- In the land of AI agents, so shiny and bright, LangChain was the framework that felt just right. One hundred twenty-three thousand stars in the sky, But nobody noticed the bug slipping by. --- The dumps()
@gothburz
26 Dec 2025
3033 Impressions
2 Retweets
32 Likes
5 Bookmarks
3 Replies
1 Quote
Czy jesteś gotów na nową falę zagrożeń cyberbezpieczeństwa dla aplikacji AI? Nowo odkryta podatność w (CVE-2025-68664) osłabia aplikacje AI, umożliwiając kradzież danych i zdalne wykonanie kodu. Bądź na bieżąco! #LangChain #Cybersecurity #AI https://t.co/mjaRQ
@VIPentest
26 Dec 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical vulnerability in LangChain -- CVE-2025-68664: https://t.co/REzlUDGesF
@yoshiks
26 Dec 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:langchain:langchain_core:*:*:*:*:*:python:*:*",
"matchCriteriaId": "DC184324-6CF1-4F7A-B87F-6DD2120C3B3B",
"versionEndExcluding": "0.3.81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:langchain:langchain_core:*:*:*:*:*:python:*:*",
"matchCriteriaId": "4298E953-ED96-49EC-8474-86095D560F2B",
"versionEndExcluding": "1.2.5",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]