CVE-2025-9556
Description
Langchaingo supports Jinja2 syntax when parsing prompts and delegates that parsing to the gonja library (v1.5.3). Gonja implements the include and extends directives, which read other files from disk, so a prompt whose text an attacker controls becomes a server-side template injection in langchaingo: the attacker inserts a statement into the prompt that reads the "/etc/passwd" file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
LangChainGo's use of the Gonja template engine to parse Jinja2 syntax in prompts allows server-side template injection, enabling arbitrary file read via a crafted prompt.
Vulnerability
Overview
CVE-2025-9556 is a server-side template injection (SSTI) vulnerability in LangChainGo, the Go port of the LangChain framework. The root cause is LangChainGo's use of the Gonja template engine (v1.5.3) to parse prompts written in Jinja2 syntax. Gonja implements the Jinja2 directives {% include %}, {% from %}, and {% extends %}, which exist for template reuse but also cause the engine to open files from the server's filesystem, so any prompt text that reaches the parser as template source is a file-read primitive [1].
Exploitation
An attacker exploits this vulnerability by placing Jinja2 block tags in a prompt that a LangChainGo application parses as a Jinja2 template. No authentication or special privileges are required; the attacker only needs to be able to submit prompts to the application. The precondition is that attacker-controlled text is used as template source (for example, concatenated into the prompt template) rather than bound to a template variable; text passed only as a variable value is not parsed. For example, the statement {% include '/etc/passwd' %} causes the server to read that file during rendering and place its contents into the rendered prompt, from where it reaches the model or the response [1].
Impact
Successful exploitation allows an attacker to read arbitrary files that the application process can access, compromising the confidentiality of system configuration files, credentials, API keys, or other application secrets. That information can be used to compromise the system further or to escalate privileges [1].
Mitigation
The LangChainGo maintainer has acknowledged the issue and is working on a fix. Pull request #1348 introduces security tests for path traversal attacks and reorganizes the Jinja2 template implementation to improve security [2]. Users should update to a patched version once it is released. In the interim, never build a Jinja2 template string from untrusted input: keep the template source under developer control and pass user-supplied text in as a variable value, and reject or strip input containing template delimiters ({%, {{, {#) before it can reach the parser. Where Jinja2 features are not needed, a prompt format without file-including directives removes the exposure entirely.
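The two interim measures above, as an added example in Go. This is illustrative code written for this page, not LangChainGo's or Gonja's own code, and it does not call either library's API. FindFileDirectives and RejectIfTemplateSyntax screen untrusted prompt text before it can reach a Jinja2 parser; the regular expression is an assumed approximation of Gonja's tag syntax. RenderWithUserData shows the structural fix: the template source is fixed, developer-authored text and the user's text is bound to a variable, so template syntax inside it is copied through rather than interpreted. Go's text/template stands in for the Jinja2 engine in that function; the variable name Question and the sample payload are constructed for the example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
	"text/template"
)

// fileDirectiveRe matches Jinja2 block tags whose first word is one of the
// directives that make the engine read another file from disk: include,
// extends, import, and "from ... import". The optional "-" covers the
// whitespace-control variants ({%- ... -%}). Assumed approximation of Gonja's
// tag syntax, written for this example.
var fileDirectiveRe = regexp.MustCompile(`(?is)\{%-?\s*(include|extends|import|from)\b[^%]*%\}`)

// FindFileDirectives returns every file-reading block tag found in untrusted
// prompt text. An empty result means none were found.
func FindFileDirectives(prompt string) []string {
	return fileDirectiveRe.FindAllString(prompt, -1)
}

// RejectIfTemplateSyntax is a coarse pre-parse guard: untrusted text that
// contains any Jinja2 delimiter is refused outright, since text typed by a
// user has no legitimate need for template syntax.
func RejectIfTemplateSyntax(prompt string) error {
	for _, delim := range []string{"{%", "{{", "{#"} {
		if strings.Contains(prompt, delim) {
			return fmt.Errorf("untrusted prompt contains template delimiter %q", delim)
		}
	}
	return nil
}

// systemPrompt is the trusted, developer-authored template. text/template is
// used here only as a stand-in for the Jinja2 engine; the point is that the
// template source is fixed and the untrusted text is bound to a variable.
var systemPrompt = template.Must(template.New("prompt").Parse(
	"You are a helpful assistant. Answer the user's question.\nQuestion: {{.Question}}\n"))

// RenderWithUserData renders the trusted template with the untrusted text
// supplied as data. Template syntax inside the user's text is output verbatim,
// never parsed, so an include directive in it cannot open a file.
func RenderWithUserData(question string) (string, error) {
	var sb strings.Builder
	if err := systemPrompt.Execute(&sb, map[string]string{"Question": question}); err != nil {
		return "", err
	}
	return sb.String(), nil
}

func main() {
	// Constructed attacker input, shaped like the payload in the advisory.
	payload := "Summarize this. {% include '/etc/passwd' %}"
	fmt.Println("file directives:", FindFileDirectives(payload))
	fmt.Println("guard:", RejectIfTemplateSyntax(payload))
	out, err := RenderWithUserData(payload)
	if err != nil {
		fmt.Println("render error:", err)
		return
	}
	fmt.Print(out)
}
```

The scanner is a defence-in-depth check and deliberately coarse; the durable fix is the separation in RenderWithUserData, which holds for any template engine because the parser never sees the attacker's bytes as source.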
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE)
- (no CPE), range: <= v1.5.3 (gonja library)
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions: no linked articles in our index yet.