Remote Code Execution Vulnerability in LangGraph SQLite Checkpoint by LangChain AI
CVE-2025-64439
What is CVE-2025-64439?
CVE-2025-64439 is a code execution vulnerability in the LangGraph SQLite Checkpoint component of LangChain AI's LangGraph framework, affecting versions 2.1.2 and earlier. The flaw lies in JsonPlusSerializer, which serializes and deserializes checkpoint state (graph state, pending writes and metadata) whenever a run is saved or resumed. Checkpoints are normally written in the "msgpack" format, but a string containing an illegal Unicode surrogate (a lone high or low surrogate code point, which has no valid UTF-8 encoding) cannot be msgpack-encoded. Before version 3.0.0 the serializer silently fell back to the "json" format whenever msgpack encoding failed, and deserializing a payload saved in that "json" format could execute arbitrary code when such surrogate values were encountered. The practical precondition is therefore that an attacker can get attacker-influenced content into a checkpoint that the application later loads, whether through user input that ends up in graph state or through write access to the checkpoint database. Version 3.0.0 removes the fallback; until an application is upgraded, resuming checkpoints from an untrusted or shared store can hand the attacker code execution in the process that loads them.
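The following is an added illustration of the mechanism described above; it is not langgraph-checkpoint's code. It models the two-step "msgpack first, json on failure" scheme with a strict UTF-8 encode standing in for msgpack (both refuse a lone surrogate), shows the hardened variant with no fallback, and runs an audit query against a constructed in-memory SQLite store to find rows an old serializer wrote on the "json" path. The `checkpoints` table layout and the `dumps_typed_*` / `loads_typed` names are assumptions for the example, not the real schema or API.

```python
import json
import sqlite3

# Added model of the "msgpack first, json on failure" scheme from the advisory.
# Not the project's own code. msgpack is not imported: like UTF-8, msgpack cannot
# encode a lone surrogate code point, so a strict UTF-8 encode reproduces the
# failure that pushed the pre-3.0.0 serializer onto the "json" path.


def _strict_dumps(obj):
    """Stand-in for the msgpack path: raises on a string with a lone surrogate."""
    return json.dumps(obj, ensure_ascii=False).encode("utf-8")


def _strict_loads(data):
    return json.loads(data.decode("utf-8"))


def dumps_typed_vulnerable(obj):
    """Pre-3.0.0 behaviour modelled: silently fall back to 'json' when strict fails."""
    try:
        return ("msgpack", _strict_dumps(obj))
    except UnicodeEncodeError:
        # json.dumps with ensure_ascii=True escapes the surrogate as \ud83d and succeeds,
        # so the payload is stored under the weaker "json" type tag without any error.
        return ("json", json.dumps(obj).encode("utf-8"))


def dumps_typed_hardened(obj):
    """Fixed behaviour modelled: no fallback, the encoding failure reaches the caller."""
    return ("msgpack", _strict_dumps(obj))


def loads_typed(type_, data, allow_legacy_json=False):
    """Dispatch on the stored type tag; legacy 'json' rows are refused unless opted in."""
    if type_ == "msgpack":
        return _strict_loads(data)
    if type_ == "json":
        if not allow_legacy_json:
            raise ValueError("refusing legacy 'json' payload; re-save it under msgpack")
        return json.loads(data.decode("utf-8"))
    raise ValueError(f"unknown payload type {type_!r}")


def hardened_rejects(obj):
    """True if the hardened serializer refuses obj instead of falling back."""
    try:
        dumps_typed_hardened(obj)
    except UnicodeEncodeError:
        return True
    return False


def build_demo_store():
    """Constructed in-memory store; the column names are an assumption, not the real schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE checkpoints (thread_id TEXT, checkpoint_id TEXT, type TEXT, checkpoint BLOB)"
    )
    samples = [
        ("t1", "c1", {"messages": ["hello"]}),   # ordinary state, stays on msgpack
        ("t2", "c1", {"messages": ["\ud83d"]}),  # lone high surrogate -> json fallback
    ]
    for thread_id, checkpoint_id, state in samples:
        type_, data = dumps_typed_vulnerable(state)
        conn.execute(
            "INSERT INTO checkpoints VALUES (?, ?, ?, ?)",
            (thread_id, checkpoint_id, type_, data),
        )
    conn.commit()
    return conn


def find_legacy_json_rows(conn):
    """Audit query: every row an old serializer wrote on the 'json' path."""
    return conn.execute(
        "SELECT thread_id, checkpoint_id FROM checkpoints WHERE type = 'json'"
    ).fetchall()


if __name__ == "__main__":
    store = build_demo_store()
    print(find_legacy_json_rows(store))
```

The audit query is the check to run against a real store after upgrading: any row carrying the "json" type tag was written by the fallback path and should be treated as untrusted until it has been inspected and re-saved under msgpack.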
Potential impact of CVE-2025-64439
- Remote Code Execution: an attacker whose crafted payload is deserialized runs arbitrary code inside the process that loads the checkpoint, with that process's privileges and access to everything it can reach (credentials in its environment, the data the agent handles, the network it sits on). From there they can install malware, exfiltrate data, or pivot to other systems.
- Data Integrity Risks: the same access allows unauthorized modification of checkpointed state. Because a resumed run continues from that state, corrupted or tampered checkpoints can silently change what the agent does next, not just what it has stored.
- Operational Disruption: exploitation can crash the application or leave it producing unintended results, causing downtime and, for organizations running production workloads on LangGraph, potentially significant financial loss.
Affected Version(s)
langgraph < 3.0.0
