CVE-2025-67644

HIGH

Pypi Langgraph-checkpoint-sqlite < 3.0.1 - SQL Injection

Title source: rule

Description

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through metadata filter keys, affecting applications that accept untrusted metadata filter keys (not just filter values) in checkpoint search operations. The _metadata_predicate() function constructs SQL queries by interpolating filter keys directly into f-strings without validation. This issue is fixed in version 3.0.1.

Exploits (2)

github WORKING POC 10 stars

by XiaomingX · pythonpoc

https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2025/CVE-2025-67644

View Code ZIP pw:eip

nomisec WORKING POC

by mbanyamer · poc

https://github.com/mbanyamer/CVE-2025-67644-LangGraph-3.0.1-SQLite-Checkpoint-SQL-Injection

View Code ZIP pw:eip

References (2)

[Patch] https://github.com/langchain-ai/langgraph/commit/297242913f8ad2143ee3e2f72e67db0911d48e2a

View Patch ZIP pw:eip

[Vendor Advisory] https://github.com/langchain-ai/langgraph/security/advisories/GHSA-9rwj-6rc7-p77c

Scores

CVSS v3 7.3

EPSS 0.0003

EPSS Percentile 7.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Details

CWE

CWE-89

Status published

Products (3)

langchain/langgraph-checkpoint-sqlite < 3.0.1

langchain-ai/langgraph < 3.0.1

pypi/langgraph-checkpoint-sqlite 0 - 3.0.1PyPI

Published Dec 11, 2025

Tracked Since Feb 18, 2026