CVE-2025-64439

Pypi Langgraph-checkpoint < 3.0.0 - Insecure Deserialization

Title source: rule

Description

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). In versions 2.1.2 and below, the JsonPlusSerializer (used as the default serialization protocol for all checkpointing) contains a Remote Code Execution (RCE) vulnerability when deserializing payloads saved in the "json" serialization mode. By default, the serializer attempts to use "msgpack" for serialization. However, prior to version 3.0 of the checkpointer library, if illegal Unicode surrogate values caused serialization to fail, it would fall back to using the "json" mode. This issue is fixed in version 3.0.0.

References (4)

[Various Sources] https://github.com/langchain-ai/langgraph/blob/c5744f583b11745cd406f3059903e17bbcdcc8ac/libs/checkpoint/langgraph/checkpoint/serde/jsonplus.py

[Patch] https://github.com/langchain-ai/langgraph/commit/c5744f583b11745cd406f3059903e17bbcdcc8ac

View Patch ZIP pw:eip

[Vendor Advisory] https://github.com/langchain-ai/langgraph/security/advisories/GHSA-wwqv-p2pp-99h5

[Release Notes] https://github.com/langchain-ai/langgraph/releases/tag/checkpoint%3D%3D3.0.0

Scores

EPSS 0.0081

EPSS Percentile 74.0%

Classification

CWE

CWE-502

Status draft

Affected Products (1)

pypi/langgraph-checkpoint < 3.0.0PyPI

Timeline

Published Nov 07, 2025

Tracked Since Feb 18, 2026