CVE-2025-67644

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-67644

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67644.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-67644

Aliases

GHSA-9rwj-6rc7-p77c

Published

2025-12-10T23:37:36.182Z

Modified

2025-12-12T02:58:38.629298Z

Severity

7.3 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N CVSS Calculator

Summary

LangGraph SQLite Checkpoint is vulnerable to SQL Injection via metadata filter key in checkpointer list method

Details

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through metadata filter keys, affecting applications that accept untrusted metadata filter keys (not just filter values) in checkpoint search operations. The metadatapredicate() function constructs SQL queries by interpolating filter keys directly into f-strings without validation. This issue is fixed in version 3.0.1.

Database specific

{
    "cwe_ids": [
        "CWE-89"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/67xxx/CVE-2025-67644.json",
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/langchain-ai/langgraph

Affected ranges

Type: GIT
Repo: https://github.com/langchain-ai/langgraph
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b70d5aac0ee330e9dde22ca9c7e8f0774e44da54

Affected versions

0.*

0.1.10

0.1.11

0.1.12

0.1.13

0.1.14

0.1.15

0.1.16

0.1.17

0.1.2

0.1.3

0.1.4

0.1.5

0.1.6

0.1.7

0.1.8

0.1.9

0.2.0

0.2.1

0.2.10

0.2.11

0.2.12

0.2.13

0.2.15

0.2.16

0.2.17

0.2.18

0.2.19

0.2.2

0.2.20

0.2.21

0.2.22

0.2.23

0.2.24

0.2.25

0.2.26

0.2.27

0.2.28

0.2.29

0.2.3

0.2.30

0.2.31

0.2.32

0.2.33

0.2.34

0.2.35

0.2.36

0.2.37

0.2.38

0.2.39

0.2.4

0.2.40

0.2.41

0.2.42

0.2.43

0.2.44

0.2.45

0.2.46

0.2.47

0.2.48

0.2.49

0.2.5

0.2.50

0.2.51

0.2.52

0.2.53

0.2.54

0.2.55

0.2.56

0.2.57

0.2.58

0.2.59

0.2.6

0.2.60

0.2.61

0.2.62

0.2.63

0.2.64

0.2.65

0.2.66

0.2.67

0.2.68

0.2.69

0.2.7

0.2.70

0.2.71

0.2.72

0.2.73

0.2.74

0.2.75

0.2.76

0.2.9

0.3.0

0.3.1

0.3.10

0.3.11

0.3.12

0.3.13

0.3.14

0.3.15

0.3.16

0.3.17

0.3.18

0.3.19

0.3.2

0.3.20

0.3.21

0.3.22

0.3.23

0.3.24

0.3.25

0.3.26

0.3.27

0.3.28

0.3.29

0.3.3

0.3.30

0.3.31

0.3.32

0.3.34

0.3.4

0.3.5

0.3.6

0.3.7

0.3.8

0.4.0

0.4.1

0.4.2

0.4.3

0.4.4

0.4.5

0.4.6

0.4.7

0.5.0

0.5.0rc0

0.5.0rc1

0.5.1

0.5.2

0.5.3

0.5.4

0.6.0

0.6.0a1

0.6.0a2

0.6.1

0.6.10

0.6.2

0.6.3

0.6.4

0.6.5

0.6.6

0.6.7

0.6.8

0.6.9

1.*

1.0.0

1.0.0rc1

1.0.1

1.0.2

1.0.3

1.0.4

checkpoint==1.*

checkpoint==1.0.0

checkpoint==1.0.1

checkpoint==1.0.10

checkpoint==1.0.11

checkpoint==1.0.12

checkpoint==1.0.13

checkpoint==1.0.14

checkpoint==1.0.2

checkpoint==1.0.3

checkpoint==1.0.4

checkpoint==1.0.7

checkpoint==1.0.8

checkpoint==1.0.9

checkpoint==2.*

checkpoint==2.0.0

checkpoint==2.0.1

checkpoint==2.0.10

checkpoint==2.0.12

checkpoint==2.0.13

checkpoint==2.0.14

checkpoint==2.0.15

checkpoint==2.0.16

checkpoint==2.0.17

checkpoint==2.0.18

checkpoint==2.0.19

checkpoint==2.0.2

checkpoint==2.0.20

checkpoint==2.0.21

checkpoint==2.0.22

checkpoint==2.0.23

checkpoint==2.0.24

checkpoint==2.0.25

checkpoint==2.0.26

checkpoint==2.0.3

checkpoint==2.0.4

checkpoint==2.0.5

checkpoint==2.0.6

checkpoint==2.0.7

checkpoint==2.0.8

checkpoint==2.0.9

checkpoint==2.1.0

checkpoint==2.1.1

checkpoint==2.1.2

checkpoint==3.*

checkpoint==3.0.0

checkpoint==3.0.1

checkpointduckdb==2.*

checkpointduckdb==2.0.0

checkpointduckdb==2.0.1

checkpointduckdb==2.0.2

checkpointpostgres==1.*

checkpointpostgres==1.0.0

checkpointpostgres==1.0.1

checkpointpostgres==1.0.10

checkpointpostgres==1.0.11

checkpointpostgres==1.0.2

checkpointpostgres==1.0.3

checkpointpostgres==1.0.4

checkpointpostgres==1.0.5

checkpointpostgres==1.0.6

checkpointpostgres==1.0.7

checkpointpostgres==1.0.8

checkpointpostgres==1.0.9

checkpointpostgres==2.*

checkpointpostgres==2.0.0

checkpointpostgres==2.0.1

checkpointpostgres==2.0.10

checkpointpostgres==2.0.11

checkpointpostgres==2.0.12

checkpointpostgres==2.0.13

checkpointpostgres==2.0.14

checkpointpostgres==2.0.15

checkpointpostgres==2.0.16

checkpointpostgres==2.0.17

checkpointpostgres==2.0.18

checkpointpostgres==2.0.19

checkpointpostgres==2.0.2

checkpointpostgres==2.0.20

checkpointpostgres==2.0.21

checkpointpostgres==2.0.22

checkpointpostgres==2.0.23

checkpointpostgres==2.0.24

checkpointpostgres==2.0.25

checkpointpostgres==2.0.3

checkpointpostgres==2.0.4

checkpointpostgres==2.0.5

checkpointpostgres==2.0.6

checkpointpostgres==2.0.7

checkpointpostgres==2.0.8

checkpointpostgres==2.0.9

checkpointpostgres==3.*

checkpointpostgres==3.0.0

checkpointpostgres==3.0.1

checkpointsqlite==1.*

checkpointsqlite==1.0.0

checkpointsqlite==1.0.1

checkpointsqlite==1.0.2

checkpointsqlite==1.0.3

checkpointsqlite==1.0.4

checkpointsqlite==2.*

checkpointsqlite==2.0.0

checkpointsqlite==2.0.1

checkpointsqlite==2.0.10

checkpointsqlite==2.0.11

checkpointsqlite==2.0.2

checkpointsqlite==2.0.3

checkpointsqlite==2.0.4

checkpointsqlite==2.0.5

checkpointsqlite==2.0.6

checkpointsqlite==2.0.7

checkpointsqlite==2.0.8

checkpointsqlite==2.0.9

checkpointsqlite==3.*

checkpointsqlite==3.0.0

cli==0.*

cli==0.1.40

cli==0.1.41

cli==0.1.42

cli==0.1.44

cli==0.1.45

cli==0.1.45a0

cli==0.1.45a1

cli==0.1.46

cli==0.1.47

cli==0.1.48

cli==0.1.49

cli==0.1.50

cli==0.1.51

cli==0.1.52

cli==0.1.53

cli==0.1.54

cli==0.1.55

cli==0.1.55rc1

cli==0.1.56

cli==0.1.57

cli==0.1.58

cli==0.1.59

cli==0.1.60

cli==0.1.61

cli==0.1.62

cli==0.1.63

cli==0.1.64

cli==0.1.65

cli==0.1.66

cli==0.1.67

cli==0.1.68

cli==0.1.69

cli==0.1.70

cli==0.1.71

cli==0.1.72

cli==0.1.73

cli==0.1.74

cli==0.1.75

cli==0.1.76

cli==0.1.77

cli==0.1.78

cli==0.1.79

cli==0.1.80

cli==0.1.81

cli==0.1.82

cli==0.1.83

cli==0.1.84

cli==0.1.89

cli==0.2.1

cli==0.2.10

cli==0.2.11

cli==0.2.12

cli==0.2.2

cli==0.2.3

cli==0.2.4

cli==0.2.5

cli==0.2.6

cli==0.2.7

cli==0.2.8

cli==0.2.9

cli==0.3.1

cli==0.3.2

cli==0.3.3

cli==0.3.4

cli==0.3.5

cli==0.3.6

cli==0.3.7

cli==0.3.8

cli==0.4.0

cli==0.4.1

cli==0.4.2

cli==0.4.3

cli==0.4.4

cli==0.4.6

cli==0.4.8

cli==0.4.9

langgraph-cli==0.*

langgraph-cli==0.1.39

prebuilt==0.*

prebuilt==0.1.0

prebuilt==0.1.1

prebuilt==0.1.2

prebuilt==0.1.3

prebuilt==0.1.4

prebuilt==0.1.5

prebuilt==0.1.6

prebuilt==0.1.7

prebuilt==0.1.8

prebuilt==0.2.0

prebuilt==0.2.1

prebuilt==0.2.2

prebuilt==0.5.0

prebuilt==0.5.0rc0

prebuilt==0.5.1

prebuilt==0.5.2

prebuilt==0.6.0

prebuilt==0.6.0a1

prebuilt==0.6.1

prebuilt==0.6.2

prebuilt==0.6.3

prebuilt==0.6.4

prebuilt==0.7.0rc1

prebuilt==1.*

prebuilt==1.0.0

prebuilt==1.0.1

prebuilt==1.0.2

prebuilt==1.0.3

prebuilt==1.0.4

prebuilt==1.0.5

sdk==0.*

sdk==0.1.23

sdk==0.1.24

sdk==0.1.25

sdk==0.1.26

sdk==0.1.27

sdk==0.1.28

sdk==0.1.29

sdk==0.1.30

sdk==0.1.31

sdk==0.1.32

sdk==0.1.33

sdk==0.1.34

sdk==0.1.35

sdk==0.1.36

sdk==0.1.37

sdk==0.1.38

sdk==0.1.39

sdk==0.1.40

sdk==0.1.42

sdk==0.1.43

sdk==0.1.44

sdk==0.1.45

sdk==0.1.46

sdk==0.1.47

sdk==0.1.48

sdk==0.1.50

sdk==0.1.51

sdk==0.1.53

sdk==0.1.55

sdk==0.1.56

sdk==0.1.57

sdk==0.1.58

sdk==0.1.59

sdk==0.1.60

sdk==0.1.61

sdk==0.1.62

sdk==0.1.63

sdk==0.1.64

sdk==0.1.65

sdk==0.1.66

sdk==0.1.69

sdk==0.1.70

sdk==0.1.71

sdk==0.1.72

sdk==0.1.73

sdk==0.1.74

sdk==0.2.0

sdk==0.2.0a1

sdk==0.2.1

sdk==0.2.10

sdk==0.2.12

sdk==0.2.14

sdk==0.2.15

sdk==0.2.2

sdk==0.2.3

sdk==0.2.4

sdk==0.2.5

sdk==0.2.6

sdk==0.2.7

sdk==0.2.8

sdk==0.2.9

v0.*

v0.0.3

v0.0.4

v0.0.5

v0.0.6

v0.0.7

v0.0.8