All I Want for Xmas Is Your Secrets: LangGrinch Hits LangChain (CVE-2025-68664) (cyata.ai)

LangChain has issued a critical security advisory regarding a vulnerability (CVE-2025-68664) found in its core library, langchain-core, which could allow malicious actors to exploit secret management features. This vulnerability stems from the improper handling of user-controlled data in the serialization process. Specifically, the functions dumps() and dumpd() failed to escape dictionaries containing the 'lc' key, which incorrectly allowed attackers to instantiate arbitrary objects when deserializing. With LangChain being one of the most widely deployed AI frameworks, boasting hundreds of millions of downloads, the implications of this vulnerability are significant, as it opens pathways for sensitive information extraction, including environment variables, and potentially arbitrary code execution. The advisory highlights twelve distinct vulnerable flows, particularly emphasizing how common LLM output fields can be easily manipulated. Exploiting this vulnerability could lead to serious security breaches through prompt injection, where attacker-crafted inputs interact with LangChain's serialization processes. The LangChain team has responded effectively, promptly releasing patches in versions 1.2.5 and 0.3.81 and emphasizing the need for users to update immediately. With a CVSS score of 9.3, this vulnerability illustrates the critical intersection of AI technology and traditional security concerns, alerting the community to the necessity of treating outputs from AI models as untrusted inputs.