Cyata discloses LangGrinch (CVE-2025-68664), a critical LangChain Core serialization injection bug where untrusted, LLM-influenced metadata can be rehydrated as objects, enabling secret leaks and unsafe instantiation. Patch guidance included.

Hacker News is a community-driven platform for sharing and discussing technology news, startups, and programming-related topics. Through user submissions and comments, Hacker News offers insights into emerging technology trends, industry developments, and entrepreneurial ventures. Readers can participate in discussions, share their insights, and stay informed about the latest advancements in technology and innovation.

Hacker News

A critical deserialization vulnerability (CVE-2025-68664) was discovered in LangChain Core's dumps()/dumpd() functions, where untrusted dictionaries containing the reserved 'lc' key could be serialized and later deserialized as LangChain objects. This enables attackers to extract secrets from environment variables (previously enabled by default) and instantiate arbitrary objects within approved namespaces. The vulnerability can be triggered through LLM outputs influencing fields like additional_kwargs or response_metadata, making it exploitable via prompt injection. Patches are available in versions 1.2.5 and 0.3.81, with a CVSS score of 9.3 (Critical). The issue affects one of the most widely deployed AI frameworks with hundreds of millions of installs.

All I Want for Christmas Is Your Secrets: LangGrinch hits LangChain Core (CVE-2025-68664) - Cyata

My research story: how I stumbled into it

Defensive guidance: how to respond in production

How Cyata helps: visibility, risk assessment, control, governance