Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection

LangChain Core Vulnerability: LangGrinch Exposes Secrets

LangChain Core versions 1.0.0 to 1.2.5 and below 0.3.81 contain a critical vulnerability, CVE-2025-68664 (CVSS 9.3), dubbed “LangGrinch,” allowing attackers to steal secrets and inject prompts. This flaw stems from improper escaping of dictionaries with ‘lc’ keys during serialization.

Why This Matters

Idealized LLM applications assume controlled inputs, but real-world deployments face injection attacks. This vulnerability demonstrates how a serialization flaw can bypass security measures, potentially exposing sensitive credentials stored in environment variables or allowing malicious code execution via Jinja2 templates. The potential impact ranges from data breaches to complete system compromise, representing a significant risk for organizations relying on LangChain.

Key Insights

• CVE-2025-68664: A critical vulnerability in LangChain Core discovered December 4, 2025.
• Serialization Injection: Occurs when untrusted data is serialized and deserialized without proper sanitization, allowing attackers to inject malicious objects.
• LangChain Updates: Patches released in versions 1.2.5 and 0.3.81 introduce allowlists and disable default Jinja2 template support to mitigate the risk.

Practical Applications

• Use Case: Financial institutions using LangChain for chatbot applications could have API keys or database credentials exposed.
• Pitfall: Relying on default settings like secrets_from_env=True without understanding the security implications.

References:

• https://thehackernews.com/2025/12/critical-langchain-core-vulnerability.html