{"id":"CVE-2025-64104","summary":"LangGraph SQLite Checkpoint Filter Key SQL Injection POC for SqliteStore","details":"LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). Prior to 2.0.11, LangGraph's SQLite store implementation contains SQL injection vulnerabilities: it builds SQL by direct string concatenation without proper parameterization, allowing attackers to inject arbitrary SQL and bypass access controls. This vulnerability is fixed in 2.0.11.","aliases":["GHSA-7p73-8jqx-23r8"],"modified":"2026-04-02T13:01:04.028703Z","published":"2025-10-29T18:55:06.129Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/64xxx/CVE-2025-64104.json","cwe_ids":["CWE-89"],"cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/64xxx/CVE-2025-64104.json"},{"type":"ADVISORY","url":"https://github.com/langchain-ai/langgraph/security/advisories/GHSA-7p73-8jqx-23r8"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64104"},{"type":"FIX","url":"https://github.com/langchain-ai/langgraph/commit/bc9d45b476101e441cb1cc602dea03eb29232de4"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/langchain-ai/langgraph","events":[{"introduced":"0"},{"fixed":"a3d7b6f44ec1df13b733e4d0b4248f1a91da89f4"}]}],"versions":["0.1.10","0.1.11","0.1.12","0.1.13","0.1.14","0.1.15","0.1.16","0.1.17","0.1.2","0.1.3","0.1.4","0.1.5","0.1.6","0.1.7","0.1.8","0.1.9","0.2.0","0.2.1","0.2.10","0.2.11","0.2.12","0.2.13","0.2.15","0.2.16","0.2.17","0.2.18","0.2.19","0.2.2","0.2.20","0.2.21","0.2.22","0.2.23","0.2.24","0.2.25","0.2.26","0.2.27","0.2.28","0.2.29","0.2.3","0.2.30","0.2.31","0.2.32","0.2.33","0.2.34","0.2.35","0.2.36","0.2.37","0.2.38","0.2.39","0.2.4","0.2.40","0.2.41","0.2.42","0.2.43","0.2.44","0.2.45","0.2.46","0.2.47","0.2.48","0.2.49","0.2.5","0.2.50","0.2.51","0.2.52","0.2
.53","0.2.54","0.2.55","0.2.56","0.2.57","0.2.58","0.2.59","0.2.6","0.2.60","0.2.61","0.2.62","0.2.63","0.2.64","0.2.65","0.2.66","0.2.67","0.2.68","0.2.69","0.2.7","0.2.70","0.2.71","0.2.72","0.2.73","0.2.74","0.2.75","0.2.76","0.2.9","0.3.0","0.3.1","0.3.10","0.3.11","0.3.12","0.3.13","0.3.14","0.3.15","0.3.16","0.3.17","0.3.18","0.3.19","0.3.2","0.3.20","0.3.21","0.3.22","0.3.23","0.3.24","0.3.25","0.3.26","0.3.27","0.3.28","0.3.29","0.3.3","0.3.30","0.3.31","0.3.32","0.3.34","0.3.4","0.3.5","0.3.6","0.3.7","0.3.8","0.4.0","0.4.1","0.4.10","0.4.2","0.4.3","0.4.4","0.4.5","0.4.6","0.4.7","0.4.8","0.4.9","0.5.0","0.5.0rc0","0.5.0rc1","0.5.1","0.5.2","0.5.3","0.5.4","0.6.0a1","checkpoint==1.0.0","checkpoint==1.0.1","checkpoint==1.0.10","checkpoint==1.0.11","checkpoint==1.0.12","checkpoint==1.0.13","checkpoint==1.0.14","checkpoint==1.0.2","checkpoint==1.0.3","checkpoint==1.0.4","checkpoint==1.0.7","checkpoint==1.0.8","checkpoint==1.0.9","checkpoint==2.0.0","checkpoint==2.0.1","checkpoint==2.0.10","checkpoint==2.0.12","checkpoint==2.0.13","checkpoint==2.0.14","checkpoint==2.0.15","checkpoint==2.0.16","checkpoint==2.0.17","checkpoint==2.0.18","checkpoint==2.0.19","checkpoint==2.0.2","checkpoint==2.0.20","checkpoint==2.0.21","checkpoint==2.0.22","checkpoint==2.0.23","checkpoint==2.0.24","checkpoint==2.0.25","checkpoint==2.0.26","checkpoint==2.0.3","checkpoint==2.0.4","checkpoint==2.0.5","checkpoint==2.0.6","checkpoint==2.0.7","checkpoint==2.0.8","checkpoint==2.0.9","checkpoint==2.1.0","checkpoint==2.1.1","checkpointduckdb==2.0.0","checkpointduckdb==2.0.1","checkpointduckdb==2.0.2","checkpointpostgres==1.0.0","checkpointpostgres==1.0.1","checkpointpostgres==1.0.10","checkpointpostgres==1.0.11","checkpointpostgres==1.0.2","checkpointpostgres==1.0.3","checkpointpostgres==1.0.4","checkpointpostgres==1.0.5","checkpointpostgres==1.0.6","checkpointpostgres==1.0.7","checkpointpostgres==1.0.8","checkpointpostgres==1.0.9","checkpointpostgres==2.0.0","checkpointpostgres==2.0.1","c
heckpointpostgres==2.0.10","checkpointpostgres==2.0.11","checkpointpostgres==2.0.12","checkpointpostgres==2.0.13","checkpointpostgres==2.0.14","checkpointpostgres==2.0.15","checkpointpostgres==2.0.16","checkpointpostgres==2.0.17","checkpointpostgres==2.0.18","checkpointpostgres==2.0.19","checkpointpostgres==2.0.2","checkpointpostgres==2.0.20","checkpointpostgres==2.0.21","checkpointpostgres==2.0.22","checkpointpostgres==2.0.23","checkpointpostgres==2.0.3","checkpointpostgres==2.0.4","checkpointpostgres==2.0.5","checkpointpostgres==2.0.6","checkpointpostgres==2.0.7","checkpointpostgres==2.0.8","checkpointpostgres==2.0.9","checkpointsqlite==1.0.0","checkpointsqlite==1.0.1","checkpointsqlite==1.0.2","checkpointsqlite==1.0.3","checkpointsqlite==1.0.4","checkpointsqlite==2.0.0","checkpointsqlite==2.0.1","checkpointsqlite==2.0.10","checkpointsqlite==2.0.2","checkpointsqlite==2.0.3","checkpointsqlite==2.0.4","checkpointsqlite==2.0.5","checkpointsqlite==2.0.6","checkpointsqlite==2.0.7","checkpointsqlite==2.0.8","checkpointsqlite==2.0.9","cli==0.1.40","cli==0.1.41","cli==0.1.42","cli==0.1.44","cli==0.1.45","cli==0.1.45a0","cli==0.1.45a1","cli==0.1.46","cli==0.1.47","cli==0.1.48","cli==0.1.49","cli==0.1.50","cli==0.1.51","cli==0.1.52","cli==0.1.53","cli==0.1.54","cli==0.1.55","cli==0.1.55rc1","cli==0.1.56","cli==0.1.57","cli==0.1.58","cli==0.1.59","cli==0.1.60","cli==0.1.61","cli==0.1.62","cli==0.1.63","cli==0.1.64","cli==0.1.65","cli==0.1.66","cli==0.1.67","cli==0.1.68","cli==0.1.69","cli==0.1.70","cli==0.1.71","cli==0.1.72","cli==0.1.73","cli==0.1.74","cli==0.1.75","cli==0.1.76","cli==0.1.77","cli==0.1.78","cli==0.1.79","cli==0.1.80","cli==0.1.81","cli==0.1.82","cli==0.1.83","cli==0.1.84","cli==0.1.89","cli==0.2.1","cli==0.2.10","cli==0.2.11","cli==0.2.12","cli==0.2.2","cli==0.2.3","cli==0.2.4","cli==0.2.5","cli==0.2.6","cli==0.2.7","cli==0.2.8","cli==0.2.9","cli==0.3.1","cli==0.3.2","cli==0.3.3","cli==0.3.4","cli==0.3.5","cli==0.3.6","langgraph-cli==0.1.39","prebuilt==0.1.
0","prebuilt==0.1.1","prebuilt==0.1.2","prebuilt==0.1.3","prebuilt==0.1.4","prebuilt==0.1.5","prebuilt==0.1.6","prebuilt==0.1.7","prebuilt==0.1.8","prebuilt==0.2.0","prebuilt==0.2.1","prebuilt==0.2.2","prebuilt==0.2.3","prebuilt==0.5.0","prebuilt==0.5.0rc0","prebuilt==0.5.1","prebuilt==0.5.2","sdk==0.1.23","sdk==0.1.24","sdk==0.1.25","sdk==0.1.26","sdk==0.1.27","sdk==0.1.28","sdk==0.1.29","sdk==0.1.30","sdk==0.1.31","sdk==0.1.32","sdk==0.1.33","sdk==0.1.34","sdk==0.1.35","sdk==0.1.36","sdk==0.1.37","sdk==0.1.38","sdk==0.1.39","sdk==0.1.40","sdk==0.1.42","sdk==0.1.43","sdk==0.1.44","sdk==0.1.45","sdk==0.1.46","sdk==0.1.47","sdk==0.1.48","sdk==0.1.50","sdk==0.1.51","sdk==0.1.53","sdk==0.1.55","sdk==0.1.56","sdk==0.1.57","sdk==0.1.58","sdk==0.1.59","sdk==0.1.60","sdk==0.1.61","sdk==0.1.62","sdk==0.1.63","sdk==0.1.64","sdk==0.1.65","sdk==0.1.66","sdk==0.1.69","sdk==0.1.70","sdk==0.1.71","sdk==0.1.72","sdk==0.1.73","sdk==0.1.74","sdk==0.2.0","sdk==0.2.0a1","v0.0.3","v0.0.4","v0.0.5","v0.0.6","v0.0.7","v0.0.8"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-64104.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"}]}