{"data":{"id":"2650b2d0-7c05-4a8f-9dc6-24cc37285c80","title":"CVE-2025-6984: The langchain-ai/langchain project, specifically the EverNoteLoader component, is vulnerable to XML External Entity (XXE","summary":"The EverNoteLoader component in langchain-ai/langchain version 0.3.63 has a security flaw that allows XXE (XML External Entity) attacks, where an attacker tricks the XML parser into reading external files by embedding special references in XML input. This could expose sensitive system files like password lists to an attacker.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-6984","publishedAt":"2025-09-04T14:42:33.990Z","cveId":"CVE-2025-6984","cweIds":["CWE-200"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["langchain-ai/langchain","LangChain"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00025,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-116"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}