CVE-2025-68664

CRITICAL

LangChain <0.3.81 and 1.2.5 - Code Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2025-68664. PoCs published by banyamer, Ak-cybe, Johnnyzhou666.

AI-analyzed exploit summary This repository contains functional exploit payloads for CVE-2025-68664, targeting a deserialization vulnerability in LangChain Core < 0.3.81. The payloads include RCE, SSRF, file system access, and reconnaissance techniques, leveraging the 'lc': 1 marker for exploitation.

Description

LangChain is a framework for building agents and LLM-powered applications. Prior to versions 0.3.81 and 1.2.5, a serialization injection vulnerability exists in LangChain's dumps() and dumpd() functions. The functions do not escape dictionaries with 'lc' keys when serializing free-form dictionaries. The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data contains this key structure, it is treated as a legitimate LangChain object during deserialization rather than plain user data. This issue has been patched in versions 0.3.81 and 1.2.5.

Exploits (4)

exploitdb FAILED
by banyamer · pythonwebappsmultiple
https://www.exploit-db.com/exploits/52514
nomisec WORKING POC 1 stars
by Ak-cybe · poc
https://github.com/Ak-cybe/CVE-2025-68664-LangGrinch-PoC

This repository contains functional exploit payloads for CVE-2025-68664, targeting a deserialization vulnerability in LangChain Core < 0.3.81. The payloads include RCE, SSRF, file system access, and reconnaissance techniques, leveraging the 'lc': 1 marker for exploitation.

Classification
Working Poc 95%
Attack Type
Deserialization
Complexity
Moderate
Reliability
Reliable
Target: LangChain Core < 0.3.81
No auth needed
Prerequisites: Access to a vulnerable LangChain Core instance · Ability to send crafted JSON payloads
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WRITEUP
by Johnnyzhou666 · poc
https://github.com/Johnnyzhou666/langgrinch-cve-2025-68664-analysis

This repository provides a technical analysis of CVE-2025-68664 (LangGrinch), a serialization injection vulnerability in LangChain Core, covering root cause, exploitation flow, and mitigation strategies.

Classification
Writeup 90%
Attack Type
Deserialization
Complexity
Moderate
Reliability
Theoretical
Target: LangChain Core
No auth needed
Prerequisites: Untrusted user input or LLM output treated as serialized objects
devstral-2 · analyzed May 10, 2026 Full analysis →
nomisec WRITEUP
by comerc · poc
https://github.com/comerc/CVE-2025-68664

The repository contains a detailed technical analysis of CVE-2025-68664, a deserialization vulnerability in LangChain's core library. The writeup explains the root cause, impact, and exploitation mechanics, including how uncontrolled user input with the 'lc' key can lead to arbitrary object instantiation and potential RCE.

Classification
Writeup 100%
Attack Type
Deserialization
Complexity
Moderate
Reliability
Reliable
Target: LangChain (langchain-core) versions before 1.2.5 and 0.3.81
No auth needed
Prerequisites: Ability to inject or influence serialized data processed by LangChain's dumps() or dumpd() functions
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (7)

Core 7
Core References
Issue Tracking, Patch x_refsource_misc
https://github.com/langchain-ai/langchain/pull/34455
Issue Tracking, Patch x_refsource_misc
https://github.com/langchain-ai/langchain/pull/34458

Scores

CVSS v3 9.3
EPSS 0.1383
EPSS Percentile 96.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-502
Status published
Products (2)
langchain/langchain_core < 0.3.81
pypi/langchain-core 1.0.0 - 1.2.5PyPI
Published Dec 23, 2025
Tracked Since Feb 18, 2026