CVE-2025-68665 is a deserialization of untrusted data vulnerability (CWE-502) found in the LangChain JS framework, specifically in the toJSON() method used for serializing objects. LangChain is a popular framework for building applications powered by large language models (LLMs). The vulnerability exists in versions prior to @langchain/core 0.3.80 and 1.1.8, and langchain 0.3.37 and 1.2.3. The root cause is that the toJSON() method does not properly escape objects containing the 'lc' key, which LangChain uses internally to identify serialized objects. When user-supplied data includes this 'lc' key structure, the deserialization process treats it as a legitimate LangChain object rather than plain data, enabling serialization injection attacks. This can allow an attacker to inject malicious payloads during deserialization, potentially leading to unauthorized data disclosure or manipulation. The vulnerability is remotely exploitable without requiring authentication or user interaction, increasing its risk profile. Although no active exploits have been reported, the CVSS 3.1 base score of 8.6 indicates a high-severity issue primarily impacting confidentiality with network attack vector and low attack complexity. The scope is changed as the vulnerability affects multiple versions and potentially many applications built on LangChain JS. The issue has been addressed by the LangChain development team in the specified patched versions, which properly escape the 'lc' key during serialization to prevent injection. Organizations using vulnerable versions should prioritize upgrading to these fixed releases to mitigate risk.

For European organizations, the impact of CVE-2025-68665 can be significant, especially those leveraging LangChain JS in their AI and LLM-powered applications. The vulnerability allows attackers to inject malicious serialized objects, potentially leading to unauthorized access to sensitive data or manipulation of application logic. This compromises confidentiality without affecting integrity or availability directly but could lead to further chained attacks. Given the network-exploitable nature and no requirement for authentication, attackers can remotely target vulnerable systems, increasing the attack surface. Organizations in sectors such as finance, healthcare, and government that handle sensitive data and are adopting AI technologies are at heightened risk. Data breaches resulting from this vulnerability could lead to regulatory penalties under GDPR and damage to reputation. Additionally, the widespread adoption of LangChain in AI development across Europe means that many applications could be affected if not promptly patched. The lack of known exploits in the wild provides a window for proactive defense, but the high CVSS score warrants urgent remediation.

1. Immediately upgrade all instances of @langchain/core to versions 0.3.80 or 1.1.8 and langchain to versions 0.3.37 or 1.2.3 or later, as these contain the patch that properly escapes 'lc' keys during serialization. 2. Audit existing applications for usage of vulnerable LangChain versions and prioritize patching those exposed to untrusted input. 3. Implement strict input validation and sanitization to prevent untrusted data containing 'lc' keys from reaching serialization routines. 4. Employ runtime application self-protection (RASP) or web application firewalls (WAFs) with custom rules to detect and block suspicious serialized payloads containing 'lc' keys. 5. Monitor application logs for anomalous deserialization activities or unexpected JSON structures indicative of exploitation attempts. 6. Educate development teams about secure serialization practices and the risks of deserialization vulnerabilities. 7. For critical deployments, consider isolating or sandboxing components that perform deserialization to limit potential impact. 8. Stay informed about any emerging exploits or additional patches from LangChain maintainers.