CVE-2025-68665

Source
https://cve.org/CVERecord?id=CVE-2025-68665
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68665.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-68665
Aliases
Downstream
Related
Published
2025-12-23T22:56:04.837Z
Modified
2026-02-13T16:39:38.082498Z
Severity
  • 8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Summary
LangChain serialization injection vulnerability enables secret extraction
Details

LangChain is a framework for building LLM-powered applications. Prior to @langchain/core versions 0.3.80 and 1.1.8, and prior to langchain versions 0.3.37 and 1.2.3, a serialization injection vulnerability exists in LangChain JS's toJSON() method (and, as a consequence, when stringifying objects using JSON.stringify()). The method did not escape objects with 'lc' keys when serializing free-form data in kwargs. The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data contains this key structure, it is treated as a legitimate LangChain object during deserialization rather than as plain user data. This issue has been patched in @langchain/core versions 0.3.80 and 1.1.8, and langchain versions 0.3.37 and 1.2.3.

Database specific
{
    "cwe_ids": [
        "CWE-502"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68665.json"
}
References

Affected packages

Git / github.com/langchain-ai/langchainjs

Affected ranges

Type
GIT
Repo
https://github.com/langchain-ai/langchainjs
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
Fixed

Affected versions

@langchain/anthropic==1.*
@langchain/anthropic==1.0.0
@langchain/anthropic@1.*
@langchain/anthropic@1.1.0
@langchain/anthropic@1.1.1
@langchain/anthropic@1.1.3
@langchain/anthropic@1.2.0
@langchain/anthropic@1.2.1
@langchain/anthropic@1.2.2
@langchain/anthropic@1.2.3
@langchain/anthropic@1.3.0
@langchain/anthropic@1.3.1
@langchain/aws==1.*
@langchain/aws==1.0.0
@langchain/aws==1.0.1
@langchain/aws@1.*
@langchain/aws@1.0.2
@langchain/aws@1.1.0
@langchain/azure-cosmosdb==1.*
@langchain/azure-cosmosdb==1.0.0
@langchain/azure-cosmosdb@1.*
@langchain/azure-cosmosdb@1.1.0
@langchain/azure-dynamic-sessions==1.*
@langchain/azure-dynamic-sessions==1.0.0
@langchain/azure-dynamic-sessions@1.*
@langchain/azure-dynamic-sessions@1.0.1
@langchain/baidu-qianfan==1.*
@langchain/baidu-qianfan==1.0.0
@langchain/baidu-qianfan@1.*
@langchain/baidu-qianfan@1.0.1
@langchain/cerebras==1.*
@langchain/cerebras==1.0.0
@langchain/cerebras@1.*
@langchain/cerebras@1.0.1
@langchain/classic==1.*
@langchain/classic==1.0.0
@langchain/classic==1.0.1
@langchain/classic==1.0.2
@langchain/classic@1.*
@langchain/classic@1.0.4
@langchain/classic@1.0.6
@langchain/cloudflare==1.*
@langchain/cloudflare==1.0.0
@langchain/cloudflare@1.*
@langchain/cloudflare@1.0.1
@langchain/cohere==1.*
@langchain/cohere==1.0.0
@langchain/cohere@1.*
@langchain/cohere@1.0.1
@langchain/community==1.*
@langchain/community==1.0.0
@langchain/community==1.0.1
@langchain/community==1.0.2
@langchain/community@1.*
@langchain/community@1.0.4
@langchain/community@1.0.6
@langchain/community@1.0.7
@langchain/community@1.1.0
@langchain/core==1.*
@langchain/core==1.0.0
@langchain/core==1.0.1
@langchain/core==1.0.2
@langchain/core==1.0.3
@langchain/core==1.0.4
@langchain/core@1.*
@langchain/core@1.1.1
@langchain/core@1.1.2
@langchain/core@1.1.3
@langchain/core@1.1.4
@langchain/core@1.1.5
@langchain/core@1.1.6
@langchain/deepseek==1.*
@langchain/deepseek==1.0.0
@langchain/deepseek@1.*
@langchain/deepseek@1.0.2
@langchain/deepseek@1.0.3
@langchain/exa==1.*
@langchain/exa==1.0.0
@langchain/exa@1.*
@langchain/exa@1.0.1
@langchain/google-cloud-sql-pg==1.*
@langchain/google-cloud-sql-pg==1.0.0
@langchain/google-cloud-sql-pg@1.*
@langchain/google-cloud-sql-pg@1.0.1
@langchain/google-cloud-sql-pg@1.0.2
@langchain/google-cloud-sql-pg@1.0.3
@langchain/google-cloud-sql-pg@1.0.4
@langchain/google-cloud-sql-pg@1.0.5
@langchain/google-cloud-sql-pg@1.0.6
@langchain/google-cloud-sql-pg@1.0.7
@langchain/google-common==1.*
@langchain/google-common==1.0.0
@langchain/google-common@1.*
@langchain/google-common@1.0.2
@langchain/google-common@1.0.3
@langchain/google-common@1.0.4
@langchain/google-common@2.*
@langchain/google-common@2.0.1
@langchain/google-common@2.0.2
@langchain/google-common@2.0.3
@langchain/google-common@2.0.4
@langchain/google-common@2.1.0
@langchain/google-common@2.1.1
@langchain/google-gauth==1.*
@langchain/google-gauth==1.0.0
@langchain/google-gauth@1.*
@langchain/google-gauth@1.0.2
@langchain/google-gauth@1.0.3
@langchain/google-gauth@1.0.4
@langchain/google-gauth@2.*
@langchain/google-gauth@2.0.1
@langchain/google-gauth@2.0.2
@langchain/google-gauth@2.0.3
@langchain/google-gauth@2.0.4
@langchain/google-gauth@2.1.0
@langchain/google-gauth@2.1.1
@langchain/google-genai==1.*
@langchain/google-genai==1.0.0
@langchain/google-genai@1.*
@langchain/google-genai@1.0.2
@langchain/google-genai@1.0.3
@langchain/google-genai@2.*
@langchain/google-genai@2.0.1
@langchain/google-genai@2.0.2
@langchain/google-genai@2.0.3
@langchain/google-genai@2.0.4
@langchain/google-genai@2.1.0
@langchain/google-genai@2.1.1
@langchain/google-vertexai-web@1.*
@langchain/google-vertexai-web@1.0.2
@langchain/google-vertexai-web@1.0.3
@langchain/google-vertexai-web@1.0.4
@langchain/google-vertexai-web@2.*
@langchain/google-vertexai-web@2.0.1
@langchain/google-vertexai-web@2.0.2
@langchain/google-vertexai-web@2.0.3
@langchain/google-vertexai-web@2.0.4
@langchain/google-vertexai-web@2.1.0
@langchain/google-vertexai-web@2.1.1
@langchain/google-vertexai@1.*
@langchain/google-vertexai@1.0.2
@langchain/google-vertexai@1.0.3
@langchain/google-vertexai@1.0.4
@langchain/google-vertexai@2.*
@langchain/google-vertexai@2.0.1
@langchain/google-vertexai@2.0.2
@langchain/google-vertexai@2.0.3
@langchain/google-vertexai@2.0.4
@langchain/google-vertexai@2.1.0
@langchain/google-vertexai@2.1.1
@langchain/google-webauth==1.*
@langchain/google-webauth==1.0.0
@langchain/google-webauth@1.*
@langchain/google-webauth@1.0.2
@langchain/google-webauth@1.0.3
@langchain/google-webauth@1.0.4
@langchain/google-webauth@2.*
@langchain/google-webauth@2.0.1
@langchain/google-webauth@2.0.2
@langchain/google-webauth@2.0.3
@langchain/google-webauth@2.0.4
@langchain/google-webauth@2.1.0
@langchain/google-webauth@2.1.1
@langchain/groq==1.*
@langchain/groq==1.0.0
@langchain/groq@1.*
@langchain/groq@1.0.2
@langchain/mcp-adapters==1.*
@langchain/mcp-adapters==1.0.0
@langchain/mcp-adapters@1.*
@langchain/mcp-adapters@1.0.1
@langchain/mcp-adapters@1.0.2
@langchain/mcp-adapters@1.0.3
@langchain/mcp-adapters@1.1.0
@langchain/mistralai==1.*
@langchain/mistralai==1.0.0
@langchain/mistralai@1.*
@langchain/mistralai@1.0.1
@langchain/mistralai@1.0.2
@langchain/mixedbread-ai==1.*
@langchain/mixedbread-ai==1.0.0
@langchain/mixedbread-ai@1.*
@langchain/mixedbread-ai@1.0.1
@langchain/mongodb==1.*
@langchain/mongodb==1.0.0
@langchain/mongodb@1.*
@langchain/mongodb@1.0.1
@langchain/mongodb@1.0.2
@langchain/mongodb@1.1.0
@langchain/nomic==1.*
@langchain/nomic==1.0.0
@langchain/nomic@1.*
@langchain/nomic@1.0.1
@langchain/ollama==1.*
@langchain/ollama==1.0.0
@langchain/ollama==1.0.1
@langchain/ollama@1.*
@langchain/ollama@1.0.2
@langchain/ollama@1.0.3
@langchain/ollama@1.1.0
@langchain/openai==1.*
@langchain/openai==1.0.0
@langchain/openai==1.1.0
@langchain/openai@1.*
@langchain/openai@1.1.2
@langchain/openai@1.2.0
@langchain/pinecone==1.*
@langchain/pinecone==1.0.0
@langchain/pinecone@1.*
@langchain/pinecone@1.0.1
@langchain/qdrant==1.*
@langchain/qdrant==1.0.0
@langchain/qdrant@1.*
@langchain/qdrant@1.0.1
@langchain/redis==1.*
@langchain/redis==1.0.0
@langchain/redis@1.*
@langchain/redis@1.0.1
@langchain/tavily==1.*
@langchain/tavily==1.0.0
@langchain/tavily@1.*
@langchain/tavily@1.0.1
@langchain/tavily@1.1.0
@langchain/textsplitters==1.*
@langchain/textsplitters==1.0.0
@langchain/textsplitters@1.*
@langchain/textsplitters@1.0.1
@langchain/vertexai-web==1.*
@langchain/vertexai-web==1.0.0
@langchain/vertexai==1.*
@langchain/vertexai==1.0.0
@langchain/weaviate==1.*
@langchain/weaviate==1.0.0
@langchain/weaviate@1.*
@langchain/weaviate@1.0.1
@langchain/xai==1.*
@langchain/xai==1.0.0
@langchain/xai@1.*
@langchain/xai@1.0.2
@langchain/xai@1.1.0
@langchain/yandex==1.*
@langchain/yandex==1.0.0
@langchain/yandex@1.*
@langchain/yandex@1.0.1
langchain==1.*
langchain==1.0.0
langchain==1.0.1
langchain==1.0.2
langchain==1.0.3
langchain==1.0.4
langchain@1.*
langchain@1.0.5
langchain@1.0.6
langchain@1.1.1
langchain@1.1.2
langchain@1.1.3
langchain@1.1.4
langchain@1.1.5
langchain@1.1.6
langchain@1.2.0
langchain@1.2.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68665.json"