CVE-2025-64439 HIGH

CVE-2025-64439: LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer

Vendor Langchain-Ai
Product langgraph
Weakness CWE-502 · Unsafe deserialization
Published November 7, 2025
Last update November 7, 2025

CVSS base score

7.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01Description

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). In versions 2.1.2 and below, the JsonPlusSerializer (used as the default serialization protocol for all checkpointing) contains a Remote Code Execution (RCE) vulnerability when deserializing payloads saved in the "json" serialization mode. By default, the serializer attempts to use "msgpack" for serialization. However, prior to version 3.0 of the checkpointer library, if illegal Unicode surrogate values caused serialization to fail, it would fall back to using the "json" mode. This issue is fixed in version 3.0.0.

Key dates

02Disclosure timeline

November 7, 2025 CVE published
November 7, 2025 Record updated