LangChain Vulnerable to Template Injection via Attribute Access in Prompt...

8.3 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Description

LangChain is a framework for building agents and LLM-powered applications. From versions 0.3.79 and prior and 1.0.0 to 1.0.6, a template injection vulnerability exists in LangChain's prompt template system that allows attackers to access Python object internals through template syntax. This vulnerability affects applications that accept untrusted template strings (not just template variables) in ChatPromptTemplate and related prompt template classes. This issue has been patched in versions 0.3.80 and 1.0.7.

Basic Information

ID CVE-2025-65106

Source GitHub_M

Published Nov 21, 2025 at 21:43

Modified Nov 21, 2025 at 21:53

Affected Product

Vendor langchain-ai

Product langchain

Version >= 1.0.0, < 1.0.7

Affected Versions langchain-ai langchain >= 1.0.0, < 1.0.7
langchain-ai langchain < 0.3.80

CWE Classification

CWE-1336

References

{
    "lastseen": "",
    "description": "LangChain is a framework for building agents and LLM-powered applications. From versions 0.3.79 and prior and 1.0.0 to 1.0.6, a template injection vulnerability exists in LangChain's prompt template system that allows attackers to access Python object internals through template syntax. This vulnerability affects applications that accept untrusted template strings (not just template variables) in ChatPromptTemplate and related prompt template classes. This issue has been patched in versions 0.3.80 and 1.0.7.",
    "published": "2025-11-21T21:43:02.461Z",
    "modified": "2025-11-21T21:53:19.566Z",
    "type": "cve",
    "title": "LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates",
    "source": "GitHub_M",
    "references": "https://github.com/langchain-ai/langchain/security/advisories/GHSA-6qv9-48xg-fc7f\nhttps://github.com/langchain-ai/langchain/commit/c4b6ba254e1a49ed91f2e268e6484011c540542a\nhttps://github.com/langchain-ai/langchain/commit/fa7789d6c21222b85211755d822ef698d3b34e00",
    "id": "CVE-2025-65106",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1336"
    ],
    "cvelist": null,
    "sourceData": "langchain-ai langchain >= 1.0.0, < 1.0.7\nlangchain-ai langchain < 0.3.80",
    "sourceHref": "",
    "cvss": {
        "score": 8.3,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "langchain",
    "version": ">= 1.0.0, < 1.0.7",
    "vendor": "langchain-ai",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates_CVE-2025-65106