Critical severity · OSV Advisory · Published Dec 23, 2025 · Updated Dec 24, 2025
LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs
CVE-2025-68664
Description
LangChain is a framework for building agents and LLM-powered applications. Prior to versions 0.3.81 and 1.2.5, a serialization injection vulnerability exists in LangChain's dumps() and dumpd() functions. The functions do not escape dictionaries with 'lc' keys when serializing free-form dictionaries. The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data contains this key structure, it is treated as a legitimate LangChain object during deserialization rather than plain user data. This issue has been patched in versions 0.3.81 and 1.2.5.
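As an added, defender-side example (not part of this advisory and not LangChain's own code): a version gate built from the affected ranges stated above, and a scanner that flags any dict carrying the internal 'lc' marker key inside free-form, user-supplied data so it can be rejected before it reaches dumps()/dumpd() or is loaded back. The sample payload is constructed.

```python
"""Defender-side pre-flight checks for CVE-2025-68664 (added example, not LangChain
code): a version gate from the advisory's affected ranges, and a scanner for dicts
carrying the internal 'lc' marker key inside free-form, untrusted data."""
from __future__ import annotations
from typing import Any, Iterator

MARKER_KEY = "lc"  # key LangChain uses internally to mark serialized objects


def _parse(version: str) -> tuple[int, ...]:
    # Dotted numeric core only ("1.2.6-r0" -> (1, 2, 6)); build/pre-release tags ignored
    core = version.split("+")[0].split("-")[0]
    return tuple(int(p) for p in core.split(".") if p.isdigit())


def is_affected(version: str) -> bool:
    """True if langchain-core `version` is in an affected range from the advisory:
    < 0.3.81, or >= 1.0.0 and < 1.2.5 (0.3.81+ on the 0.3 line is patched)."""
    v = _parse(version)
    return v < _parse("0.3.81") or _parse("1.0.0") <= v < _parse("1.2.5")


def find_lc_markers(obj: Any, path: str = "$") -> Iterator[str]:
    """Yield a JSONPath-like location for every dict that contains the 'lc' key."""
    if isinstance(obj, dict):
        if MARKER_KEY in obj:
            yield path
        for key, value in obj.items():
            yield from find_lc_markers(value, f"{path}.{key}")
    elif isinstance(obj, (list, tuple)):
        for i, value in enumerate(obj):
            yield from find_lc_markers(value, f"{path}[{i}]")


def check_untrusted(obj: Any) -> list[str]:
    """Locations to reject (or escape) before the data reaches dumps()/dumpd()/loads()."""
    return list(find_lc_markers(obj))


# Constructed sample: free-form metadata from a user; two nested values mimic the
# internal marker structure and would be treated as LangChain objects, not plain data.
USER_METADATA = {
    "user": "alice",
    "tags": ["billing", {"lc": 1, "id": ["example"]}],
    "extra": {"nested": {"lc": 1}},
}

if __name__ == "__main__":
    print("1.2.4 affected:", is_affected("1.2.4"), "| 1.2.5 affected:", is_affected("1.2.5"))
    print("reject at:", check_untrusted(USER_METADATA))  # ['$.tags[1]', '$.extra.nested']
```

On a patched version the library handles the escaping itself; the scanner remains useful as a log-and-reject control at the boundary where untrusted dictionaries enter an application.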
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| langchain-core (PyPI) | >= 1.0.0, < 1.2.5 | 1.2.5 |
| langchain-core (PyPI) | < 0.3.81 | 0.3.81 |
Affected products
- Range: langchain-ai21==0.1.4, langchain-ai21==0.1.5, langchain-ai21==0.1.6, …
- pkg:apk/chainguard/py3.10-langchain (no CPE), range: < 1.2.6-r0
- pkg:apk/chainguard/py3.11-langchain (no CPE), range: < 1.2.6-r0
- pkg:apk/chainguard/py3.12-langchain (no CPE), range: < 1.2.6-r0
- pkg:apk/chainguard/py3.13-langchain (no CPE), range: < 1.2.6-r0
- pkg:apk/chainguard/py3-langchain (no CPE), range: < 1.2.6-r0
- pkg:apk/wolfi/py3.10-langchain (no CPE), range: < 1.2.6-r0
- pkg:apk/wolfi/py3.11-langchain (no CPE), range: < 1.2.6-r0
- pkg:apk/wolfi/py3.12-langchain (no CPE), range: < 1.2.6-r0
- pkg:apk/wolfi/py3.13-langchain (no CPE), range: < 1.2.6-r0
- pkg:apk/wolfi/py3-langchain (no CPE), range: < 1.2.6-r0
- pkg:pypi/langchain-core (no CPE), range: >= 1.0.0, < 1.2.5
References
- github.com/advisories/GHSA-c67j-w6g6-q2cm (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-68664 (ghsa: ADVISORY)
- github.com/langchain-ai/langchain/commit/5ec0fa69de31bbe3d76e4cf9cd65a6accb8466c8 (ghsa: WEB, x_refsource_MISC)
- github.com/langchain-ai/langchain/commit/d9ec4c5cc78960abd37da79b0250f5642e6f0ce6 (ghsa: WEB, x_refsource_MISC)
- github.com/langchain-ai/langchain/pull/34455 (ghsa: WEB, x_refsource_MISC)
- github.com/langchain-ai/langchain/pull/34458 (ghsa: WEB, x_refsource_MISC)
- github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D0.3.81 (ghsa: WEB, x_refsource_MISC)
- github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D1.2.5 (ghsa: WEB, x_refsource_MISC)
- github.com/langchain-ai/langchain/security/advisories/GHSA-c67j-w6g6-q2cm (ghsa: WEB, x_refsource_CONFIRM)