Cyber Resilience

CVE-2025-68664

CriticalPublic PoCRCE

Published: 23 December 2025

Published
23 December 2025
Modified
13 January 2026
KEV Added
Patch
CVSS Score v3.1 9.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
EPSS Score 0.1383 96.0th percentile
Risk Priority 27 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-68664 is a critical-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Langchain Langchain Core. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Stealth (T1211); ranked in the top 4.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as NLP and Transformers; in the LLM/Generative AI Risks risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

LangChain, a framework for building agents and LLM-powered applications, contains a serialization injection vulnerability in its dumps() and dumpd() functions prior to versions 0.3.81 and 1.2.5. The functions fail to escape dictionaries containing 'lc' keys when handling free-form user data, allowing such structures to be misinterpreted as internal LangChain serialized objects during later deserialization rather than treated as plain data. This stems from CWE-502 deserialization of untrusted data and carries a CVSS 3.1 score of 9.3.

An unauthenticated remote attacker can supply crafted dictionaries with 'lc' keys through any input path that reaches these serialization routines. Upon deserialization the data is processed as a legitimate LangChain object, enabling injection that can result in high-impact confidentiality loss and limited integrity effects across affected applications.

The issue is addressed in the referenced commits and pull requests that add proper escaping for 'lc' keys, with official patches released in LangChain core 0.3.81 and LangChain 1.2.5. The EPSS score remains flat at 0.0262 with no material increase after disclosure.

EU & UK References

Vulnerability details

LangChain is a framework for building agents and LLM-powered applications. Prior to versions 0.3.81 and 1.2.5, a serialization injection vulnerability exists in LangChain's dumps() and dumpd() functions. The functions do not escape dictionaries with 'lc' keys when serializing free-form dictionaries.…

more

The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data contains this key structure, it is treated as a legitimate LangChain object during deserialization rather than plain user data. This issue has been patched in versions 0.3.81 and 1.2.5.

CWE(s)

AI Security AnalysisAI

AI Category
NLP and Transformers
Risk Domain
LLM/Generative AI Risks
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: langchain, llm

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1211 Exploitation for Stealth Stealth
Adversaries may exploit vulnerabilities to evade detection by hiding activity, suppressing logging, or operating within trusted or unmonitored components.
T1620 Reflective Code Loading Stealth
Adversaries may reflectively load code into a process in order to conceal the execution of malicious payloads.
Why these techniques?

The serialization injection vulnerability allows attackers to craft user-controlled dictionaries with 'lc' keys that are deserialized as legitimate LangChain objects, facilitating exploitation for defense evasion (T1211) via in-memory object instantiation and reflective code loading (T1620) without disk artifacts.

CVEs Like This One

CVE-2026-34070Same product: Langchain Langchain Core
CVE-2026-44843Same vendor: Langchain
CVE-2026-28277Same vendor: Langchain
CVE-2026-25750Same vendor: Langchain
CVE-2026-27795Same vendor: Langchain
CVE-2024-58340Same vendor: Langchain
CVE-2026-24142Shared CWE-502
CVE-2024-11041Shared CWE-502
CVE-2025-45146Shared CWE-502
CVE-2026-31250Shared CWE-502

Affected Assets

langchain
langchain core
≤ 0.3.81 · 1.0.0 — 1.2.5

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely identification, reporting, and correction of the serialization injection flaw in LangChain's dumps() and dumpd() functions via patching to versions 0.3.81 or 1.2.5.

prevent

Validates user-controlled inputs prior to serialization to block malicious dictionaries containing 'lc' keys that could be misinterpreted as LangChain objects during deserialization.

detect

Scans for known vulnerabilities like CVE-2025-68664 in LangChain components to identify and prioritize remediation of the deserialization injection issue.

References