Template Injection Vulnerability in LangChain by LangChain AI
CVE-2025-65106

8.3 HIGH

Key Information:

CVE Published: 21 November 2025

What is CVE-2025-65106?

LangChain, a framework for building agents and applications powered by large language models (LLMs), has a template injection flaw in its prompt template system. Versions 0.3.79 and earlier, and 1.0.0 through 1.0.6, are affected. When an application builds a prompt from an untrusted template string, that string can use template syntax that goes beyond simple variable placeholders; through ChatPromptTemplate and related classes, this gives an attacker access to Python object internals and compromises the integrity of the application. Users should update to LangChain 0.3.80 or 1.0.7, where the vulnerability is patched.
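An added defensive check (example code, not LangChain's own): before a string reaches ChatPromptTemplate, allow only placeholders that are plain variable names in Python format-string syntax, and reject attribute access, item access, positional or empty fields, and nested fields inside format specs. The function names and sample templates are assumptions constructed for this example.

```python
"""Allow-list check for format-string style prompt templates.

Only plain variable placeholders such as "{question}" are accepted;
attribute access ("{obj.attr}"), item access ("{obj[key]}"), positional
or empty fields, nested replacement fields in format specs and malformed
braces are rejected before the template reaches a prompt-template class.
"""
import re
from string import Formatter

# A placeholder must be a simple identifier, nothing else.
_SIMPLE_NAME = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def unsafe_fields(template: str) -> list[str]:
    """Return the replacement fields that go beyond plain variables."""
    bad = []
    try:
        # Formatter.parse is a generator; malformed braces raise during iteration.
        parsed = list(Formatter().parse(template))
    except ValueError:
        # Unbalanced or stray braces: treat the whole template as unsafe.
        return [template]
    for _literal, field_name, format_spec, _conversion in parsed:
        if field_name is None:
            continue  # literal text only (including escaped "{{" / "}}")
        if not _SIMPLE_NAME.match(field_name):
            bad.append(field_name)  # e.g. "obj.attr", "obj[0]", "0", ""
        elif format_spec and "{" in format_spec:
            bad.append(field_name)  # nested replacement field in the spec
    return bad


def is_safe_template(template: str) -> bool:
    """True when every placeholder is a plain variable name."""
    return not unsafe_fields(template)


if __name__ == "__main__":
    # Constructed sample templates, not taken from the advisory.
    for t in ["Answer the question: {question}", "User {user.email} asked {q}", "{items[0]}"]:
        verdict = "ok" if is_safe_template(t) else f"rejected {unsafe_fields(t)}"
        print(repr(t), "->", verdict)
```

Apply the check to any template string that comes from outside the application (user input, a database, a third-party prompt library), not to the variable values that are later substituted into it.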

Affected Version(s)

langchain >= 1.0.0, < 1.0.7 (fixed in 1.0.7)

langchain < 0.3.80 (fixed in 0.3.80)

CVSS V4

Score: 8.3
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published: 21 November 2025

  • Vulnerability reserved
