CVE-2025-67644
BaseFortify
Publication date: 2025-12-11
Last updated on: 2026-03-17
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| langchain | langgraph-checkpoint-sqlite | to 3.0.1 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an SQL injection in LangGraph SQLite Checkpoint versions 3.0.0 and below. It occurs because the _metadata_predicate() function constructs SQL queries by directly inserting metadata filter keys into f-strings without validating them. This allows attackers to manipulate SQL queries if the application accepts untrusted metadata filter keys in checkpoint search operations.
How can this vulnerability impact me?
An attacker can exploit this vulnerability to manipulate SQL queries, potentially leading to unauthorized access or modification of data. This can compromise the confidentiality and integrity of the affected application's data, especially if untrusted metadata filter keys are accepted.
What immediate steps should I take to mitigate this vulnerability?
Upgrade LangGraph SQLite Checkpoint to version 3.0.1 or later, as this version contains the fix for the SQL injection vulnerability. Additionally, avoid accepting untrusted metadata filter keys in checkpoint search operations to prevent exploitation.
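The pattern described above next to a hardened form, as an added example that is not the project's code or its 3.0.1 fix. The key allowlist, the simplified `checkpoints` table and the sample rows are assumptions constructed for illustration.

```python
import json
import re
import sqlite3

# Assumed allowlist: dot-separated identifier segments only (not the project's own rule).
_KEY_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*(?:\.[A-Za-z_][A-Za-z0-9_]*)*")


def unsafe_predicate(query_key: str, operator: str) -> str:
    """The pattern quoted on this page: the key becomes part of the SQL text."""
    return f"json_extract(CAST(metadata AS TEXT), '$.{query_key}') {operator}"


def safe_predicate(query_key: str, value):
    """Validate the key, then bind the JSON path and the value as parameters."""
    if not isinstance(query_key, str) or not _KEY_RE.fullmatch(query_key):
        raise ValueError(f"rejected metadata filter key: {query_key!r}")
    return "json_extract(CAST(metadata AS TEXT), ?) = ?", ("$." + query_key, value)


def search(conn: sqlite3.Connection, filters: dict) -> list:
    """Return thread ids whose metadata matches every filter (equality only)."""
    clauses, params = [], []
    for key, value in filters.items():
        sql, bound = safe_predicate(key, value)
        clauses.append(sql)
        params.extend(bound)
    where = " AND ".join(clauses) or "1"
    rows = conn.execute(
        f"SELECT thread_id FROM checkpoints WHERE {where} ORDER BY thread_id", params
    )
    return [r[0] for r in rows]


def demo_db() -> sqlite3.Connection:
    """Constructed sample data in a simplified, hypothetical table layout."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE checkpoints (thread_id TEXT, metadata TEXT)")
    conn.executemany(
        "INSERT INTO checkpoints VALUES (?, ?)",
        [("t1", json.dumps({"owner": "alice", "run": {"step": 1}})),
         ("t2", json.dumps({"owner": "bob", "run": {"step": 2}}))],
    )
    return conn
```

With the hardened form the SQL text is constant for every key, so a key can only select a JSON path and never change the statement's structure.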
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows attackers to perform SQL injection attacks that can bypass metadata-based access controls and potentially expose confidential checkpoint data. Such unauthorized data exposure can lead to violations of data protection regulations like GDPR and HIPAA, which require strict controls over personal and sensitive data access and confidentiality. Therefore, the vulnerability negatively impacts compliance by risking unauthorized disclosure of protected information. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by auditing how the application uses the LangGraph SQLite checkpoint implementation, specifically whether it accepts untrusted metadata filter keys in checkpoint search operations without proper validation. Detection involves reviewing code for unsafe SQL query construction, especially in the _metadata_predicate() function, where filter keys are interpolated directly into SQL queries.
The resources provide no specific network detection commands, and because this is a local vulnerability (Attack Vector: Local), network detection is limited. You can, however, search your codebase for f-string interpolation of metadata filter keys in SQL queries, for example code similar to `f"json_extract(CAST(metadata AS TEXT), '$.{query_key}') {operator}"`. Monitoring database query logs for suspicious or malformed SQL queries that include unexpected filter keys might also help detect exploitation attempts. [2, 1]