CVE-2025-68665

LangChain is a framework for building LLM-powered applications. Prior to @langchain/core versions 0.3.80 and 1.1.8, and prior to langchain versions 0.3.37 and 1.2.3, a serialization injection vulnerability exists in LangChain JSs toJSON() method (and subsequently when string-ifying objects using JSON.stringify(). The method did not escape objects with lc keys when serializing free-form data in kwargs. The lc key is used internally by LangChain to mark serialized objects. When user-controlled data contains this key structure, it is treated as a legitimate LangChain object during deserialization rather than plain user data. This issue has been patched in @langchain/core versions 0.3.80 and 1.1.8, and langchain versions 0.3.37 and 1.2.3

Weakness

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Potential Mitigations

• Make fields transient to protect them from deserialization.
• An attempt to serialize and then deserialize a class containing transient fields will result in NULLs where the transient data should be. This is an excellent way to prevent time, environment-based, or sensitive variables from being carried over and used improperly.

Related Attack Patterns

• https://cwe.mitre.org/data/definitions/586.html

References

• https://github.com/langchain-ai/langchainjs/commit/e5063f9c6e9989ea067dfdff39262b9e7b6aba62
• https://github.com/langchain-ai/langchainjs/releases/tag/%40langchain%2Fcore%401.1.8
• https://github.com/langchain-ai/langchainjs/releases/tag/langchain%401.2.3
• https://github.com/langchain-ai/langchainjs/security/advisories/GHSA-r399-636x-v7f6
• https://github.com/langchain-ai/langchainjs/security/advisories/GHSA-r399-636x-v7f6