Ethical Hacking News
A critical flaw in the LangChain ecosystem has been discovered, allowing prompt injection and data exposure. The vulnerability has a CVSS score of 9.3 and affects hundreds of millions of global installs. Developers must update their packages immediately and implement additional security measures to secure their applications.
The LangChain core vulnerability allows prompt injection and data exposure, posing a critical security risk. The vulnerability was discovered by Yarden Porat in December 2025 (CVE-2025-68664, CVSS score: 9.3). The LangChain Core package provides functions that fail to escape user-controlled data with 'lc' keys, allowing attackers to inject malicious object structures. Updating packages to the latest available patch versions (1.2.5 and 0.3.81) is crucial to address the vulnerability. Developers must implement additional security measures to prevent prompt injection and data exposure in LLM-based applications.
The LangChain core vulnerability is a critical security flaw that affects the LangChain ecosystem, particularly the LangChain Core package. This vulnerability allows prompt injection and data exposure, making it a serious concern for developers who rely on this package for building Large Language Models (LLMs)-based applications.
In December 2025, a security researcher named Yarden Porat discovered the critical flaw in the LangChain Core package. The vulnerability is tracked as CVE-2025-68664 and has a CVSS score of 9.3, indicating its high severity. The issue was reported on December 4, 2025.
The LangChain Core package provides core interfaces and model-agnostic tools for building LLM-based applications. One of the key functions in this package is the dumps() function, which serializes free-form dictionaries without escaping user-controlled data containing 'lc' keys. This allows attackers to inject malicious object structures through fields like metadata or response data.
Another critical function affected by the vulnerability is dumpd(), which also fails to escape user-controlled data with 'lc' keys. When deserialized with load() or loads(), this data is treated as valid LangChain objects instead of user input, allowing attackers to instantiate arbitrary objects within trusted LangChain namespaces.
The LangChain Core package has hundreds of millions of global installs and is widely deployed in massive scale. This makes the vulnerability especially serious, as a single prompt can trigger the flaw indirectly, influencing metadata that later gets serialized and deserialized during normal operations. The exploitation of this vulnerability can lead to secret leakage from environment variables, instantiation of classes in trusted namespaces like langchain_core or langchain_community, and potentially code execution via Jinja2 templates.
The bug was found to affect versions 1.2.5 and 0.3.81, which are the latest available patches. Users are strongly urged to update their packages immediately to address the vulnerability.
In light of this critical flaw, developers who rely on LangChain Core for building LLM-based applications must take immediate action to secure their applications. This includes updating to the latest available patch versions and implementing additional security measures to prevent prompt injection and data exposure.
Furthermore, the discovery of this vulnerability highlights the importance of ongoing security testing and scanning for open-source packages like LangChain Core. Developers must remain vigilant in identifying and addressing vulnerabilities before they can be exploited by attackers.
In conclusion, the LangChain Core vulnerability is a critical security flaw that affects LLM-based applications worldwide. Its high severity and potential impact make it essential to address this issue promptly and implement additional security measures to prevent exploitation.
Related Information:
https://www.ethicalhackingnews.com/articles/The-LangChain-Core-Vulnerability-A-Critical-Flaw-in-LLM-Based-Applications-ehn.shtml
https://securityaffairs.com/186185/hacking/langchain-core-vulnerability-allows-prompt-injection-and-data-exposure.html
https://thehackernews.com/2025/12/critical-langchain-core-vulnerability.html
https://nvd.nist.gov/vuln/detail/CVE-2025-68664
https://www.cvedetails.com/cve/CVE-2025-68664/
Published: Sat Dec 27 12:58:25 2025 by llama3.2 3B Q4_K_M
