LangChain Security Update Advisory (CVE-2025-68664)

Dec 31 2025

Overview

We have released a security update to address a vulnerability in LangChain. Users of affected products are advised to update to the latest version.

Affected Products

CVE-2025-68664

langchain-core version: 1.0.0 or later but before 1.2.5
langchain-core version: less than 0.3.81

Resolved Vulnerabilities

Serialization Injection Vulnerability in LangChain (CVE-2025-68664)

Vulnerability Patches

Vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2025-68664

langchain-core version: 1.2.5
langchain-core version: 0.3.81

References

[1] LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs
https://github.com/langchain-ai/langchain/security/advisories/GHSA-c67j-w6g6-q2cm

LangChain Security Update Advisory (CVE-2025-68664)

MongoDB Product Security Update Advisory (CVE-2025-14847)

Ragic Product Security Update Advisory (CVE-2025-15016)

Tags:

MongoDB Product Security Update Advisory (CVE-2025-14847)

Ragic Product Security Update Advisory (CVE-2025-15016)