{"id":"CVE-2025-68665","summary":"LangChain serialization injection vulnerability enables secret extraction","details":"LangChain is a framework for building LLM-powered applications. Prior to @langchain/core versions 0.3.80 and 1.1.8, and prior to langchain versions 0.3.37 and 1.2.3, a serialization injection vulnerability exists in LangChain JS's toJSON() method (and consequently when stringifying objects with JSON.stringify(), which invokes toJSON()). The method did not escape objects containing an 'lc' key when serializing free-form data in kwargs. The 'lc' key is used internally by LangChain to mark serialized objects, so unescaped user data carrying it is indistinguishable from a genuine serialized object. When user-controlled data contains this key structure, it is treated as a legitimate LangChain object during deserialization rather than as plain user data. This issue has been patched in @langchain/core versions 0.3.80 and 1.1.8, and langchain versions 0.3.37 and 1.2.3.","aliases":["GHSA-r399-636x-v7f6"],"modified":"2026-04-02T13:06:41.457021Z","published":"2025-12-23T22:56:04.837Z","related":["CGA-85gf-57xg-6wj7"],"database_specific":{"cwe_ids":["CWE-502"],"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68665.json"},"references":[{"type":"WEB","url":"https://github.com/langchain-ai/langchainjs/releases/tag/%40langchain%2Fcore%401.1.8"},{"type":"WEB","url":"https://github.com/langchain-ai/langchainjs/releases/tag/langchain%401.2.3"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68665.json"},{"type":"ADVISORY","url":"https://github.com/langchain-ai/langchainjs/security/advisories/GHSA-r399-636x-v7f6"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68665"},{"type":"FIX","url":"https://github.com/langchain-ai/langchainjs/commit/e5063f9c6e9989ea067dfdff39262b9e7b6aba62"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/langchain-ai/langchainjs","events":[{"introduced":"822db857fce821a2beee645e6c90beac5c42ff09"},{"fixed"
:"e5063f9c6e9989ea067dfdff39262b9e7b6aba62"}]}],"versions":["@langchain/anthropic==1.0.0","@langchain/anthropic@1.1.0","@langchain/anthropic@1.1.1","@langchain/anthropic@1.1.3","@langchain/anthropic@1.2.0","@langchain/anthropic@1.2.1","@langchain/anthropic@1.2.2","@langchain/anthropic@1.2.3","@langchain/anthropic@1.3.0","@langchain/anthropic@1.3.1","@langchain/aws==1.0.0","@langchain/aws==1.0.1","@langchain/aws@1.0.2","@langchain/aws@1.1.0","@langchain/azure-cosmosdb==1.0.0","@langchain/azure-cosmosdb@1.1.0","@langchain/azure-dynamic-sessions==1.0.0","@langchain/azure-dynamic-sessions@1.0.1","@langchain/baidu-qianfan==1.0.0","@langchain/baidu-qianfan@1.0.1","@langchain/cerebras==1.0.0","@langchain/cerebras@1.0.1","@langchain/classic==1.0.0","@langchain/classic==1.0.1","@langchain/classic==1.0.2","@langchain/classic@1.0.4","@langchain/classic@1.0.6","@langchain/cloudflare==1.0.0","@langchain/cloudflare@1.0.1","@langchain/cohere==1.0.0","@langchain/cohere@1.0.1","@langchain/community==1.0.0","@langchain/community==1.0.1","@langchain/community==1.0.2","@langchain/community@1.0.4","@langchain/community@1.0.6","@langchain/community@1.0.7","@langchain/community@1.1.0","@langchain/core==1.0.0","@langchain/core==1.0.1","@langchain/core==1.0.2","@langchain/core==1.0.3","@langchain/core==1.0.4","@langchain/core@1.1.1","@langchain/core@1.1.2","@langchain/core@1.1.3","@langchain/core@1.1.4","@langchain/core@1.1.5","@langchain/core@1.1.6","@langchain/deepseek==1.0.0","@langchain/deepseek@1.0.2","@langchain/deepseek@1.0.3","@langchain/exa==1.0.0","@langchain/exa@1.0.1","@langchain/google-cloud-sql-pg==1.0.0","@langchain/google-cloud-sql-pg@1.0.1","@langchain/google-cloud-sql-pg@1.0.2","@langchain/google-cloud-sql-pg@1.0.3","@langchain/google-cloud-sql-pg@1.0.4","@langchain/google-cloud-sql-pg@1.0.5","@langchain/google-cloud-sql-pg@1.0.6","@langchain/google-cloud-sql-pg@1.0.7","@langchain/google-common==1.0.0","@langchain/google-common@1.0.2","@langchain/google-common@1.0.3","@lan
gchain/google-common@1.0.4","@langchain/google-common@2.0.1","@langchain/google-common@2.0.2","@langchain/google-common@2.0.3","@langchain/google-common@2.0.4","@langchain/google-common@2.1.0","@langchain/google-common@2.1.1","@langchain/google-gauth==1.0.0","@langchain/google-gauth@1.0.2","@langchain/google-gauth@1.0.3","@langchain/google-gauth@1.0.4","@langchain/google-gauth@2.0.1","@langchain/google-gauth@2.0.2","@langchain/google-gauth@2.0.3","@langchain/google-gauth@2.0.4","@langchain/google-gauth@2.1.0","@langchain/google-gauth@2.1.1","@langchain/google-genai==1.0.0","@langchain/google-genai@1.0.2","@langchain/google-genai@1.0.3","@langchain/google-genai@2.0.1","@langchain/google-genai@2.0.2","@langchain/google-genai@2.0.3","@langchain/google-genai@2.0.4","@langchain/google-genai@2.1.0","@langchain/google-genai@2.1.1","@langchain/google-vertexai-web@1.0.2","@langchain/google-vertexai-web@1.0.3","@langchain/google-vertexai-web@1.0.4","@langchain/google-vertexai-web@2.0.1","@langchain/google-vertexai-web@2.0.2","@langchain/google-vertexai-web@2.0.3","@langchain/google-vertexai-web@2.0.4","@langchain/google-vertexai-web@2.1.0","@langchain/google-vertexai-web@2.1.1","@langchain/google-vertexai@1.0.2","@langchain/google-vertexai@1.0.3","@langchain/google-vertexai@1.0.4","@langchain/google-vertexai@2.0.1","@langchain/google-vertexai@2.0.2","@langchain/google-vertexai@2.0.3","@langchain/google-vertexai@2.0.4","@langchain/google-vertexai@2.1.0","@langchain/google-vertexai@2.1.1","@langchain/google-webauth==1.0.0","@langchain/google-webauth@1.0.2","@langchain/google-webauth@1.0.3","@langchain/google-webauth@1.0.4","@langchain/google-webauth@2.0.1","@langchain/google-webauth@2.0.2","@langchain/google-webauth@2.0.3","@langchain/google-webauth@2.0.4","@langchain/google-webauth@2.1.0","@langchain/google-webauth@2.1.1","@langchain/groq==1.0.0","@langchain/groq@1.0.2","@langchain/mcp-adapters==1.0.0","@langchain/mcp-adapters@1.0.1","@langchain/mcp-adapters@1.0.2","@langchain
/mcp-adapters@1.0.3","@langchain/mcp-adapters@1.1.0","@langchain/mistralai==1.0.0","@langchain/mistralai@1.0.1","@langchain/mistralai@1.0.2","@langchain/mixedbread-ai==1.0.0","@langchain/mixedbread-ai@1.0.1","@langchain/mongodb==1.0.0","@langchain/mongodb@1.0.1","@langchain/mongodb@1.0.2","@langchain/mongodb@1.1.0","@langchain/nomic==1.0.0","@langchain/nomic@1.0.1","@langchain/ollama==1.0.0","@langchain/ollama==1.0.1","@langchain/ollama@1.0.2","@langchain/ollama@1.0.3","@langchain/ollama@1.1.0","@langchain/openai==1.0.0","@langchain/openai==1.1.0","@langchain/openai@1.1.2","@langchain/openai@1.2.0","@langchain/pinecone==1.0.0","@langchain/pinecone@1.0.1","@langchain/qdrant==1.0.0","@langchain/qdrant@1.0.1","@langchain/redis==1.0.0","@langchain/redis@1.0.1","@langchain/tavily==1.0.0","@langchain/tavily@1.0.1","@langchain/tavily@1.1.0","@langchain/textsplitters==1.0.0","@langchain/textsplitters@1.0.1","@langchain/vertexai-web==1.0.0","@langchain/vertexai==1.0.0","@langchain/weaviate==1.0.0","@langchain/weaviate@1.0.1","@langchain/xai==1.0.0","@langchain/xai@1.0.2","@langchain/xai@1.1.0","@langchain/yandex==1.0.0","@langchain/yandex@1.0.1","langchain==1.0.0","langchain==1.0.1","langchain==1.0.2","langchain==1.0.3","langchain==1.0.4","langchain@1.0.5","langchain@1.0.6","langchain@1.1.1","langchain@1.1.2","langchain@1.1.3","langchain@1.1.4","langchain@1.1.5","langchain@1.1.6","langchain@1.2.0","langchain@1.2.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68665.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"}]}