CVE-2025-46059
BaseFortify
Publication date: 2025-07-29
Last updated on: 2025-08-04
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| langchain-ai | langchain | * |
| langchain-ai | gmailsdk | * |
| langchain-ai | langchain_community | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-46059 is a remote code injection vulnerability in the LangChain framework's Gmail agent (GmailToolkit component). It occurs because the agent processes and executes commands embedded within incoming email bodies without validating whether these commands align with the user's original instructions. An attacker can send a specially crafted email that causes the agent to perform unauthorized actions such as reading sensitive emails, creating drafts, and sending emails containing private information to the attacker, effectively hijacking control of the victim's email agent. [1]
How can this vulnerability impact me? :
This vulnerability can lead to a complete compromise of your email account managed by the LangChain Gmail agent. An attacker can remotely execute arbitrary commands via crafted emails, allowing them to read your sensitive emails, extract private information (such as payment details), create drafts, and send emails on your behalf without authorization. This results in unauthorized data exfiltration and loss of control over your email communications. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves monitoring for unusual or unauthorized API calls made by the LangChain Gmail agent, especially those triggered by incoming emails. Since the vulnerability allows execution of commands embedded in email bodies, inspecting logs for unexpected email agent activity such as searching for emails from sensitive senders (e.g., [email protected]), drafting emails with extracted sensitive data, or sending emails without user initiation can indicate exploitation. Specific commands are not provided, but reviewing agent execution logs and monitoring outgoing emails for suspicious content is recommended. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves implementing an intent-verification module that validates all API calls generated by the language model to ensure they strictly correspond to the user's explicit instructions. This prevents execution of commands derived from malicious email content. Additionally, restricting or disabling the GmailToolkit component until a patch or update is available can reduce risk. [1]