CVE-2025-67644

Published: Dec 11, 2025Modified: Mar 17, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through metadata filter keys, affecting applications that accept untrusted metadata filter keys (not just filter values) in checkpoint search operations. The _metadata_predicate() function constructs SQL queries by interpolating filter keys directly into f-strings without validation. This issue is fixed in version 3.0.1.

Affected (1)

Products: Langchain: Langgraph Checkpoint Sqlite

1 product

Langgraph Checkpoint Sqlite

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Langchain Langgraph Checkpoint Sqlite	Before 3.0.1

Related CWEs

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

References (2)

https://github.com/langchain-ai/langgraph/commit/297242913f8ad2143ee3e2f72e67db0911d48e2a

Source: security-advisories@github.com

Patch

https://github.com/langchain-ai/langgraph/security/advisories/GHSA-9rwj-6rc7-p77c

Source: security-advisories@github.com

ExploitVendor Advisory

Timeline

No history available yet.