LangChain is a popular framework for building applications powered by large language models (LLMs) and intelligent agents. The vulnerability CVE-2025-68664 is a deserialization of untrusted data flaw classified under CWE-502. It exists in the dumps() and dumpd() serialization functions of LangChain versions prior to 0.3.81 and 1.2.5. These functions fail to properly escape or sanitize dictionaries containing the 'lc' key, which LangChain uses internally to identify serialized objects. When user-controlled input includes this 'lc' key, the deserialization process mistakenly treats it as a legitimate LangChain object rather than plain data. This allows an attacker to craft malicious serialized payloads that can execute arbitrary code or manipulate the application’s internal state during deserialization. The vulnerability is remotely exploitable without requiring authentication or user interaction, increasing its risk profile. The CVSS 3.1 score of 9.3 reflects its critical nature, with network attack vector, low attack complexity, no privileges required, and no user interaction needed. The impact primarily affects confidentiality, allowing attackers to access sensitive data, with some integrity impact but no availability impact. Although no exploits have been reported in the wild yet, the vulnerability’s characteristics make it a high-priority issue for organizations using LangChain in production environments. The flaw was publicly disclosed on December 23, 2025, and patched in versions 0.3.81 and 1.2.5. Organizations should verify their LangChain versions and update immediately to mitigate risk.

For European organizations, the impact of CVE-2025-68664 is significant, especially for those leveraging LangChain in AI-driven applications, automated agents, or data processing pipelines. Successful exploitation can lead to unauthorized disclosure of sensitive information, including proprietary data, user inputs, or internal model parameters, compromising confidentiality. The ability to execute arbitrary code or manipulate deserialization logic may also allow attackers to bypass security controls or escalate privileges within affected systems. Sectors such as finance, healthcare, research institutions, and technology companies that rely on AI frameworks are particularly vulnerable. The vulnerability could disrupt trust in AI applications and lead to regulatory compliance issues under GDPR if personal data is exposed. Given the critical CVSS score and the lack of required authentication, the threat can propagate rapidly if unpatched systems are exposed to the internet or untrusted inputs. Although no known exploits exist currently, the potential for automated exploitation tools to emerge is high, increasing the urgency for mitigation.

1. Immediately upgrade all LangChain deployments to version 0.3.81 or 1.2.5 or later, where the vulnerability is patched. 2. Audit all code paths that utilize LangChain’s dumps() and dumpd() functions to ensure no untrusted user input is serialized without proper validation or sanitization. 3. Implement strict input validation and sanitization to prevent injection of the 'lc' key or similarly structured malicious payloads in user-controlled data. 4. Employ runtime application self-protection (RASP) or behavior monitoring to detect anomalous deserialization activities. 5. Restrict network exposure of services using LangChain serialization to trusted internal networks only, minimizing attack surface. 6. Conduct thorough security testing and code reviews focusing on serialization and deserialization logic. 7. Monitor threat intelligence feeds for emerging exploit attempts targeting this vulnerability. 8. Prepare incident response plans specifically addressing deserialization attacks to enable rapid containment if exploitation occurs.