AI description
CVE-2025-68664 is a serialization injection vulnerability found in LangChain, a framework used for building agents and LLM-powered applications. The vulnerability exists in versions prior to 0.3.81 and 1.2.5, specifically within the `dumps()` and `dumpd()` functions. These functions fail to properly escape dictionaries containing the `'lc'` key during serialization. The `'lc'` key is used internally by LangChain to identify serialized objects. When user-controlled data includes this key structure, the system incorrectly interprets it as a legitimate LangChain object during deserialization, rather than treating it as plain user data. This can allow attackers to exfiltrate sensitive environment variables and potentially execute code. The vulnerability has been addressed in versions 0.3.81 and 1.2.5.
- Description
- LangChain is a framework for building agents and LLM-powered applications. Prior to versions 0.3.81 and 1.2.5, a serialization injection vulnerability exists in LangChain's dumps() and dumpd() functions. The functions do not escape dictionaries with 'lc' keys when serializing free-form dictionaries. The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data contains this key structure, it is treated as a legitimate LangChain object during deserialization rather than plain user data. This issue has been patched in versions 0.3.81 and 1.2.5.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- langchain_core
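The marker confusion described above, and the escape-on-dump fix, as an added toy model in Python (not langchain-core's own code): `Greeting`, `REGISTRY`, the `escaped_dict` node type and `find_lc_markers` are assumptions of this model, not the library's API.

```python
import json
from dataclasses import dataclass

LC = "lc"  # reserved marker key named in the advisory

@dataclass
class Greeting:  # stand-in for a serializable framework object (hypothetical)
    text: str

REGISTRY = {"demo.Greeting": Greeting}  # only these classes may be constructed

def dumpd(value, escape: bool):
    """escape=False mirrors the bug: a free-form dict carrying 'lc' is emitted
    verbatim. escape=True wraps it in an explicit escape node instead."""
    if isinstance(value, Greeting):
        return {LC: 1, "type": "constructor", "id": "demo.Greeting",
                "kwargs": {"text": value.text}}
    if isinstance(value, dict):  # lists omitted for brevity
        inner = {k: dumpd(v, escape) for k, v in value.items()}
        if escape and LC in value:
            return {LC: 1, "type": "escaped_dict", "value": inner}
        return inner
    return value

def loadd(node):
    """Rehydrate; an escaped node comes back as plain data, never reinterpreted."""
    if not isinstance(node, dict):
        return node
    if node.get(LC) == 1 and node.get("type") == "escaped_dict":
        return {k: loadd(v) for k, v in node["value"].items()}
    if node.get(LC) == 1 and node.get("type") == "constructor":
        cls = REGISTRY.get(node.get("id"))
        if cls is None:
            raise ValueError(f"unregistered class {node.get('id')!r}")
        return cls(**{k: loadd(v) for k, v in node.get("kwargs", {}).items()})
    return {k: loadd(v) for k, v in node.items()}

def find_lc_markers(data, path: str = "$") -> list[str]:
    """Pre-load check for untrusted input: paths of dicts that carry 'lc'."""
    if not isinstance(data, dict):
        return []
    hits = [path] if LC in data else []
    for k, v in data.items():
        hits += find_lc_markers(v, f"{path}.{k}")
    return hits

def round_trip(user_metadata: dict, escape: bool) -> dict:
    """Serialize a record whose metadata is user-influenced, then load it back."""
    record = {"message": Greeting("hello"), "metadata": user_metadata}
    return loadd(json.loads(json.dumps(dumpd(record, escape))))

# Constructed sample: free-form metadata that happens to use the reserved shape.
SAMPLE_METADATA = {"lc": 1, "type": "constructor", "id": "demo.Greeting",
                   "kwargs": {"text": "forged"}}
```

With `escape=False`, `round_trip` hands back a `Greeting` built from user metadata; with `escape=True` the same metadata returns as the plain dict it was, and `find_lc_markers` flags it before any load is attempted.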
CVSS 3.1
- Type
- Primary
- Base score
- 8.2
- Impact score
- 4.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
- Severity
- HIGH
- security-advisories@github.com
- CWE-502
- Hype score
- Not currently trending
Prompt security isn’t enough. LangGrinch (CVE-2025-68664) in langchain-core. Patch 0.3.81+ or 1.2.5+. Agent SDKs are Tier 1 deps. In your patch SLA? https://t.co/UuPcWRy84B #SupplyChainSecurity #Cybersecurity https://t.co/GC0yfT8E4X
@Wisr_AI
4 Feb 2026
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A high-severity serialization injection vulnerability in langchain-core (CVE-2025-68664) enables secret extraction and malicious effects via an unescaped lc marker. Mitigations include patched upgrades and Defender integrations. #LangChain #AppSec https://t.co/bPdlcX2fwD
@TweetThreatNews
1 Feb 2026
197 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
A serialization injection flaw (CVE-2025-68664, “LangGrinch”) in langchain-core Python package enables attackers to instantiate malicious objects via reserved lc key. Microsoft patches and detection tools available. #LangChain #SerializationFlaw https://t.co/25g2FJfxxW
@TweetThreatNews
1 Feb 2026
191 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Microsoft Case Study: LangGrinch (CVE-2025-68664) Shows How AI Framework Bugs Become Supply-Chain Exploits Microsoft breaks down “LangGrinch” (CVE-2025-68664, CVSS 9.3) in LangChain Core—a serialization/deserialization injection via the reserved `lc` marker that can l
@ThreatSynop
30 Jan 2026
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 [ ADVISORY ] CASE_LOG_001 AI output is UNTRUSTED input. LangGrinch (CVE-2025-68664) proves prompt injection = RCE. Sandbox your agents now. [ 🔻 LINK ] https://t.co/TW3Gg2Ma5B #CyberSecurityAwareness #artificial_intelligence https://t.co/y8Z68XYNPL
@MatrixSecHub
29 Jan 2026
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical RCE in LangChain Core (847M+ downloads) CVE-2025-68664 allows unsafe deserialization via LLM outputs, enabling secret exfiltration, SSRF, and potential RCE across common LangChain workflows. While most teams are still assessing impact and planning patches, Root ht
@Teamrootio
6 Jan 2026
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 LangChain Core [—] Jan 05, 2026 Comprehensive Product Security Advisory and Risk Assessment for LangChain Core Serialization Injection Vulnerability (CVE-2025-68664) and Associated Agent System Risks. Checkout our Threat Intelligence Platform:... https://t.co/kk0AjBZt6m
@transilienceai
5 Jan 2026
70 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Started publishing weekly roundups of what's happening in #AppSec world 🌎 MongoDB CVE that hit self-hosted instances tokenless CSRF making it into OWASP guidance OpenPGP implementation bugs. LangChain CVE-2025-68664 TruffleHog's JWT liveness checks.
@sshivasurya
5 Jan 2026
114 Impressions
0 Retweets
3 Likes
0 Bookmarks
1 Reply
1 Quote
⚠️ LangChain Core Vulnerability Allows Prompt Injection and Data Exposure (CVE-2025-68664) https://t.co/16fpPePCc4 A critical flaw in LangChain Core’s serialization functions (dumps()/dumpd()) lets attackers inject malicious object structures via prompt injection and uns
@Huntio
3 Jan 2026
513 Impressions
3 Retweets
6 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 LangChain.js [—] Jan 03, 2026 Critical Security Advisory: CVE-2025-68664 LangChain Serialization Injection & Related Vulnerabilities Checkout our Threat Intelligence Platform: https://t.co/QuwNtEgYh1 https://t.co/QuwNtEgYh1 #ThreatIntelligence https://t.co/LcCl4WTpzf
@transilienceai
3 Jan 2026
90 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Two critical vulnerabilities were published December 23, 2025 affecting LangChain Python (CVE-2025-68664, CVSS 9.3) and JavaScript (CVE-2025-68665, CVSS 8.6). Both are serialization injection flaws in dumps(), dumpd(), and toJSON() methods. The vulnerability: User-controlled
@ignorePriorSec
30 Dec 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Two critical vulnerabilities were published December 23, 2025 affecting LangChain Python (CVE-2025-68664, CVSS 9.3) and JavaScript (CVE-2025-68665, CVSS 8.6). Both are serialization injection flaws in dumps(), dumpd(), and toJSON() methods. The vulnerability: User-controlled
@ignorePriorSec
29 Dec 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
This CVE-2025-68664 is half hidden among the rest of the pile of things out there for the end of the year. Langchain is a framework for AI development and its devs have surely tried it. critical serialization injection vulnerability affecting the LangChain framework
@hmier
29 Dec 2025
120 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Warning: Multiple vulnerabilities in #LangChain. #CVE-2025-68664 CVSS: 9.3 #CVE-2025-68665 CVSS: 8.6. These are both serialization injection vulnerabilities. #Patch #Patch #Patch https://t.co/ljDdkgeamx
@CCBalert
29 Dec 2025
267 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Your AI agent can leak your keys without anyone hacking you. Opinion: LLM output is untrusted input. Cost: one leak means rotated keys, blown budget, and a week of cleanup. Proof: LangChain CVE-2025-68664 (9.3 Critical). dumps()/dumpd() can treat a user dict with a reserved “l
@AITools20
29 Dec 2025
191 Impressions
0 Retweets
0 Likes
0 Bookmarks
2 Replies
0 Quotes
🚨 LangChain Core Critical Flaw CVE-2025-68664 (CVSS 9.3) enables serialization injection, exposing secrets & enabling prompt-based attacks in LLM apps. 🔍 Details via Vulert 👉https://t.co/do7Wstb9Nh #LangChain #CVE #AISecurity #DevSecOps
@vulert_official
29 Dec 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
LangChain Core has a critical bug that lets attackers extract secrets and steer LLM output. The issue, CVE-2025-68664 (CVSS 9.3), abuses how user data with lc keys is deserialized as trusted objects. Prompt injection can trigger it through normal LLM responses. https://t.co/fCmM
@FartslonF
27 Dec 2025
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 LangGrinch: Critical LangChain-Core Bug Enables Secret Theft via Serialization Injection (CVE-2025-68664) Attackers can inject crafted `lc`-key objects through user-influenced fields (e.g., `metadata`, `additional_kwargs`, `response_metadata`) so `dumps()/dumpd()` content is
@ThreatSynop
27 Dec 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical LangChain Serialization Injection Bug Exposes Secrets and May Enable Code Execution A critical flaw in langchain-core (CVE-2025-68664) lets attackers inject crafted “lc” structures so user-controlled data is treated as LangChain objects during deserialization,
@ThreatSynop
27 Dec 2025
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical LangChain Flaw Lets Attackers Exfiltrate Secrets via Unsafe Deserialization A critical bug in langchain-core serialization (CVE-2025-68664) enables prompt/LLM-output–influenced data to trigger unsafe deserialization paths (e.g., logging/streaming/caching), leaking
@ThreatSynop
27 Dec 2025
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
How CVE-2025-68664 Allows Hackers to Siphon Your Private Data Directly from the vLLM Engine Read the full report on - https://t.co/9Aji9Icga9 https://t.co/NeYgkLm8Pj
@cyberbivash
27 Dec 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical LangChain Core Vulnerability: "LangGrinch" (CVE-2025-68664, CVSS 9.3) 🚨 Prompt injection exploits a serialization flaw in dumps()/dumpd() — failing to escape the internal "lc" key lets tainted LLM output get deserialized as trusted objects. Result: Secret leaks
@adenner
27 Dec 2025
109 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Critical LangChain Vulnerability (CVE-2025-68664) Puts LLM Apps at Risk #Cybersecurity #cyashadotcom #JanaNayaganAudioLaunch https://t.co/MoAsUFrqjj
@cyashadotcom
27 Dec 2025
358 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-68664: patch LangChain now. Read More: https://t.co/XMxW6mlYZP #Sec #Vuln #Patch #LangChain #Sec #Vuln #Patch #LangChain
@true_redfence
27 Dec 2025
54 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[LangChain Core CVE-2025-68664, fixed version released] A vulnerability (CVE-2025-68664) in langchain-core's dumps()/dumpd() where the reserved key "lc" contained in user input is not properly escaped and can be treated as a LangChain object by load()/loads()
@LangChainJP
27 Dec 2025
976 Impressions
1 Retweet
8 Likes
2 Bookmarks
1 Reply
0 Quotes
LangChain CVE-2025-68664 (CVSS 9.3) 🚨 Prompt Injection is now triggering Deserialization! 🤯 The game has changed. Hunters, are you fuzzing lc keys or doing deep Code Review for this? 👇 @rez0__ @zwt @nahamsec @Jhaddix @securibee @Rhynorater https://t.co/FZAIXRobD
@MRTUFAN_BD
27 Dec 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical flaw in LangChain Core allows theft of secrets and manipulation of responses: Vulnerability CVE-2025-68664 allows object injection via serialization, exposing sensitive data and enabling malicious execution; an urgent update is recommended. https:/
@caveiratech
26 Dec 2025
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
All I Want for Christmas Is Your Secrets: LangGrinch hits LangChain Core (CVE-2025-68664) - Cyata | The Control Plane for Agentic Identity https://t.co/jpzB5SIQXB # #devtalk
@dev_talk
26 Dec 2025
67 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🔍 𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐕𝐄 𝐛𝐫𝐞𝐚𝐤𝐝𝐨𝐰𝐧 𝐚𝐯𝐚𝐢𝐥𝐚𝐛𝐥𝐞 𝐧𝐨𝐰! Is your LangChain app leaking secrets? Uncover how CVE-2025-68664 enables injection attacks and what steps you must take to secure your AI stack.
@PurpleOps_io
26 Dec 2025
66 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-68664 - Lord of the Strings: The Return of the 'lc' Key --- In the land of AI agents, so shiny and bright, LangChain was the framework that felt just right. One hundred twenty-three thousand stars in the sky, But nobody noticed the bug slipping by. --- The dumps()
@gothburz
26 Dec 2025
3033 Impressions
2 Retweets
32 Likes
5 Bookmarks
3 Replies
1 Quote
Are you ready for a new wave of cybersecurity threats to AI applications? A newly discovered vulnerability in (CVE-2025-68664) weakens AI applications, enabling data theft and remote code execution. Stay up to date! #LangChain #Cybersecurity #AI https://t.co/mjaRQ
@VIPentest
26 Dec 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical vulnerability in LangChain -- CVE-2025-68664: https://t.co/REzlUDGesF
@yoshiks
26 Dec 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical LangChain Core vulnerability (CVE-2025-68664) allows attackers to steal secrets and manipulate LLM behavior via serialization injection flaws. https://t.co/bY83uz78PC #CyberSecurity #LangChain #LLMSecurity #PromptInjection #AIThreats #AppSec #CloudSecurity https://t.
@redsecuretech
26 Dec 2025
159 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
A serious flaw leading to theft of secret information and tampering with responses has been found in the core library of LangChain, widely used as a foundation for generative AI apps (CVE-2025-68664). Crafted input makes the internal processing misbehave so that the LLM
@yousukezan
26 Dec 2025
2903 Impressions
12 Retweets
23 Likes
20 Bookmarks
0 Replies
0 Quotes
#HuttonAIAlerts 🚨 Critical AI Vulnerability Alert 🚨 A CVSS 9.3 flaw (CVE-2025-68664) just hit LangChain. Attackers can now exfiltrate your system secrets and API keys via simple prompt injection. Your AI "brain" shouldn't be a security liability. (1/4) https://t.co/Y
@HuttonTech
26 Dec 2025
12 Impressions
7 Retweets
8 Likes
0 Bookmarks
1 Reply
0 Quotes
LangChain Core has a critical bug that lets attackers extract secrets and steer LLM output. The issue, CVE-2025-68664 (CVSS 9.3), abuses how user data with lc keys is deserialized as trusted objects. Prompt injection can trigger it through normal LLM responses. 🔗 Read → ht
@TheHackersNews
26 Dec 2025
10905 Impressions
26 Retweets
76 Likes
14 Bookmarks
4 Replies
2 Quotes
🚨Vulnerability Alert ‼️ Security researcher Yarden Porat discovered a vulnerability in LangChain that exploits how the framework handles internal serialization markers. The flaw, dubbed CVE-2025-68664, received a CVSS score of 9.3, indicating critical severity. Source:
@H4ckmanac
26 Dec 2025
4762 Impressions
4 Retweets
25 Likes
6 Bookmarks
1 Reply
0 Quotes
All I Want for Christmas Is Your Secrets: LangGrinch hits LangChain Core (CVE-2025-68664) https://t.co/uidbKTMqUd
@NytroRST
26 Dec 2025
132 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
Today's top 5 cybersecurity news - December 26, 2025 1. A critical vulnerability identified as CVE-2025-68664 has been discovered in LangChain, a widely used AI framework, allowing attackers to extract sensitive environment variable secrets and potentially execute code through a
@NewsNerdie
26 Dec 2025
79 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
LangChain core vuln CVE-2025-68664 allowed env var exfiltration and possible code execution via deserialization flaws, patched just before Christmas 2025. Update now. #Vulnerability https://t.co/sbZrFg791Z
@threatcluster
26 Dec 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 𝐖𝐞 𝐟𝐨𝐮𝐧𝐝 𝐚 𝐜𝐫𝐢𝐭𝐢𝐜𝐚𝐥 𝐯𝐮𝐥𝐧𝐞𝐫𝐚𝐛𝐢𝐥𝐢𝐭𝐲 𝐢𝐧 𝐋𝐚𝐧𝐠𝐂𝐡𝐚𝐢𝐧. Upgrade to langchain-core 1.2.5 or 0.3.81 immediately. Cyata's security researcher Yarden Porat discovere
@TeamCyata
26 Dec 2025
326 Impressions
2 Retweets
8 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ Critical Langchain Vulnerability Let Attackers Exfiltrate Sensitive Secrets from AI systems Source: https://t.co/jcmomQRsvF A critical vulnerability in LangChain's core library (CVE-2025-68664) allows attackers to exfiltrate sensitive environment variables and potentia
@The_Cyber_News
26 Dec 2025
2812 Impressions
14 Retweets
63 Likes
18 Bookmarks
3 Replies
0 Quotes
Cyata Security Ltd. reports a critical vulnerability in langchain-core, named “LangGrinch” (CVE-2025-68664), endangering AI agent secrets with a CVSS score of 9.3, raising serious security concerns in AI production environments. #LangGrinch #CyberSecurity https://t.co/ynUJLQa
@Cyber_O51NT
26 Dec 2025
1929 Impressions
74 Retweets
45 Likes
1 Bookmark
0 Replies
0 Quotes
Merry Christmas... 9.3 Critical... CVE-2025-68664 (Langchain, AI pipelines) https://t.co/FeaZityVrX https://t.co/gw1bBnKxYg
@JasonGiedymin
25 Dec 2025
105 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
All I Want for Christmas Is Your Secrets: LangGrinch hits LangChain Core (CVE-2025-68664) https://t.co/3WSFrPS0h9
@jedisct1
25 Dec 2025
1340 Impressions
1 Retweet
6 Likes
1 Bookmark
0 Replies
0 Quotes
All I Want for Christmas Is Your Secrets: LangGrinch Attacks LangChain (CVE-2025-68664) All I Want for Xmas Is Your Secrets: LangGrinch Hits LangChain (CVE-2025-68664) https://t.co/C7qlAxJHRf 2025-12-26 05:00:08 +0900
@hackernewsj
25 Dec 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ LangGrinch (CVE-2025-68664) steals your LangChain secrets — are you exposed? A serialization bug in langchain-core allows malicious LLM output to be rehydrated into an object. Risk: extraction of environment variables and instantiation of obje
@Eremas8
25 Dec 2025
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-68664 (CVSS 9.3): LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs LangChain is vulnerable to serialization injection. Untrusted data with 'lc' keys can be deserialized as malicious objects, enabling secret extraction vi
@zoomeye_team
25 Dec 2025
5130 Impressions
12 Retweets
71 Likes
27 Bookmarks
1 Reply
0 Quotes
LangChain serialization injection (CVE-2025-68664) allows secret extraction via `dumps/loads` APIs. Upgrade to 2e0bed6a21610618b7040cebc6b3b927e120a51a. #LangChain #Security #AI https://t.co/r9px0d5XW5
@pulsepatchio
24 Dec 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CRITICAL: CVE-2025-68664 hits LangChain (<=1.2.4, <0.3.81)! Untrusted deserialization flaw risks code execution & data leaks. Patch to 1.2.5/0.3.81 ASAP! 🔒 Details: https://t.co/TwaZnkzo1T #OffSeq #LangChain... https://t.co/yeS4HSDBT9
@offseq
24 Dec 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:langchain:langchain_core:*:*:*:*:*:python:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC184324-6CF1-4F7A-B87F-6DD2120C3B3B",
            "versionEndExcluding": "0.3.81"
          },
          {
            "criteria": "cpe:2.3:a:langchain:langchain_core:*:*:*:*:*:python:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4298E953-ED96-49EC-8474-86095D560F2B",
            "versionEndExcluding": "1.2.5",
            "versionStartIncluding": "1.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]