{"data":{"id":"81fe28c4-2efc-4726-aff7-e15517be9588","title":"CVE-2025-8709: A SQL injection vulnerability exists in the langchain-ai/langchain repository, specifically in the LangGraph's SQLite st","summary":"A SQL injection vulnerability (a flaw that lets an attacker insert malicious SQL code into an application's database queries) exists in LangGraph's SQLite storage system, specifically in version 2.0.10 of langgraph-checkpoint-sqlite. The vulnerability arises because the code concatenates user input directly into SQL commands instead of passing it separately as query parameters, allowing attackers to steal sensitive data like passwords and API keys, and bypass security protections.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-8709","publishedAt":"2025-10-26T10:15:48.680Z","cveId":"CVE-2025-8709","cweIds":["CWE-89"],"cvssScore":null,"cvssSeverity":null,"severity":"critical","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["LangChain","LangGraph","langgraph-checkpoint-sqlite"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00036,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-66"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}