Bug 2424790 (CVE-2025-68664)

Summary: CVE-2025-68664 langchain-core: LangChain: Arbitrary code execution via serialization injection
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: urgent Docs Contact:
Priority: urgent    
Version: unspecifiedCC: anpicker, bparees, carogers, dfreiber, drow, erezende, haoli, hasun, hkataria, jajackso, jburrell, jcammara, jfula, jkoehler, jmitchel, jneedle, jowilson, jwong, kegrant, koliveir, kshier, lphiri, mabashia, nyancey, omaciel, ometelka, pbohmill, pbraun, ptisnovs, shvarugh, simaishi, smcdonal, stcannon, syedriko, teagle, tfister, thavo, ttakamiy, vkumar, xdharmai, yguenane
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in LangChain, a framework for building agents and LLM-powered applications. A remote attacker can exploit a serialization injection vulnerability in LangChain's `dumps()` and `dumpd()` functions. This occurs because the functions do not properly escape dictionaries containing the internal 'lc' key during serialization. When user-controlled data includes this key structure, it is incorrectly processed as a legitimate LangChain object during deserialization, potentially leading to arbitrary code execution.
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2025-12-23 23:01:16 UTC
LangChain is a framework for building agents and LLM-powered applications. Prior to versions 0.3.81 and 1.2.5, a serialization injection vulnerability exists in LangChain's dumps() and dumpd() functions. The functions do not escape dictionaries with 'lc' keys when serializing free-form dictionaries. The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data contains this key structure, it is treated as a legitimate LangChain object during deserialization rather than plain user data. This issue has been patched in versions 0.3.81 and 1.2.5.