High severity · OSV Advisory · Published Nov 21, 2025 · Updated Apr 15, 2026

CVE-2025-65106

Description

LangChain is a framework for building agents and LLM-powered applications. In versions 0.3.79 and prior, and in versions 1.0.0 through 1.0.6, a template injection vulnerability exists in LangChain's prompt template system that allows attackers to access Python object internals through template syntax. The vulnerability affects applications that accept untrusted template strings (not just template variables) in ChatPromptTemplate and related prompt template classes. The issue has been patched in versions 0.3.80 and 1.0.7.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
langchain-core (PyPI) | >= 1.0.0, < 1.0.7 | 1.0.7
langchain-core (PyPI) | < 0.3.80 | 0.3.80
