CVE-2025-68664
Published: 23 December 2025
Summary
CVE-2025-68664 is a critical-severity Deserialization of Untrusted Data (CWE-502) vulnerability in LangChain Core. Its CVSS base score is 9.3 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Stealth (T1211). The CVE ranks in the top 4.0% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
This vulnerability is AI-related: it is categorised as NLP and Transformers, in the LLM/Generative AI Risks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
LangChain, a framework for building agents and LLM-powered applications, contains a serialization injection vulnerability in its dumps() and dumpd() functions prior to versions 0.3.81 and 1.2.5. The functions fail to escape dictionaries containing 'lc' keys when handling free-form user data, allowing such structures to be misinterpreted as internal LangChain serialized objects during later deserialization rather than treated as plain data. This stems from CWE-502 deserialization of untrusted data and carries a CVSS 3.1 score of 9.3.
An unauthenticated remote attacker can supply crafted dictionaries with 'lc' keys through any input path that reaches these serialization routines. Upon deserialization the data is processed as a legitimate LangChain object, enabling injection that can result in high-impact confidentiality loss and limited integrity effects across affected applications.
The issue is addressed in the referenced commits and pull requests that add proper escaping for 'lc' keys, with official patches released in LangChain core 0.3.81 and LangChain 1.2.5. The EPSS score remains flat at 0.0262 with no material increase after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-204849
Vulnerability details
LangChain is a framework for building agents and LLM-powered applications. Prior to versions 0.3.81 and 1.2.5, a serialization injection vulnerability exists in LangChain's dumps() and dumpd() functions. The functions do not escape dictionaries with 'lc' keys when serializing free-form dictionaries.
The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data contains this key structure, it is treated as a legitimate LangChain object during deserialization rather than plain user data. This issue has been patched in versions 0.3.81 and 1.2.5.
AI Security Analysis
- AI Category: NLP and Transformers
- Risk Domain: LLM/Generative AI Risks
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: langchain, llm
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The serialization injection vulnerability allows attackers to craft user-controlled dictionaries with 'lc' keys that are deserialized as legitimate LangChain objects, facilitating exploitation for defense evasion (T1211) via in-memory object instantiation and reflective code loading (T1620) without disk artifacts.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
- Requires timely identification, reporting, and correction of the serialization injection flaw in LangChain's dumps() and dumpd() functions via patching to versions 0.3.81 or 1.2.5.
- Validates user-controlled inputs prior to serialization to block malicious dictionaries containing 'lc' keys that could be misinterpreted as LangChain objects during deserialization.
- Scans for known vulnerabilities like CVE-2025-68664 in LangChain components to identify and prioritize remediation of the deserialization injection issue.
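One way to implement the input-validation control above, as an added example that is not LangChain's own code or the patch itself: a recursive check that reports every place in free-form user data where a dictionary carries the reserved 'lc' key, so the application can reject or log it before the data reaches serialization. The function names, the exception class and the sample inputs are hypothetical and constructed for illustration.

```python
import json
from typing import Any, Iterator

LC_MARKER = "lc"  # key the advisory says LangChain uses to mark serialized objects


def find_lc_markers(value: Any, path: str = "$") -> Iterator[str]:
    """Yield a JSONPath-like location for every dict that carries an 'lc' key."""
    if isinstance(value, dict):
        if LC_MARKER in value:
            yield path
        # Keep descending: a marker can sit at any depth of nested user data.
        for key, child in value.items():
            yield from find_lc_markers(child, f"{path}.{key}")
    elif isinstance(value, (list, tuple)):
        for index, child in enumerate(value):
            yield from find_lc_markers(child, f"{path}[{index}]")


class UntrustedMarkerError(ValueError):
    """Raised when free-form input contains the reserved 'lc' key."""


def require_plain_data(value: Any) -> Any:
    """Return value unchanged, or raise if any nested dict contains 'lc'."""
    hits = list(find_lc_markers(value))
    if hits:
        raise UntrustedMarkerError(f"reserved 'lc' key at: {', '.join(hits)}")
    return value


def check_json_body(raw: str) -> list[str]:
    """Parse a JSON request body and list marker locations (empty means clean)."""
    return list(find_lc_markers(json.loads(raw)))


if __name__ == "__main__":
    # Constructed sample bodies, not taken from any real request.
    clean = '{"user": "alice", "metadata": {"tags": ["a", "b"]}}'
    flagged = '{"user": "bob", "metadata": {"notes": [{"lc": 1, "x": "y"}]}}'
    print(check_json_body(clean))
    print(check_json_body(flagged))
```

Rejecting on the key alone will also refuse legitimate user data that happens to use 'lc' as a field name, so this is a stopgap for deployments that cannot yet move to 0.3.81 or 1.2.5, not a replacement for the upgrade.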