CVE-2025-65106 HIGH

CVE-2025-65106: LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates

Vendor Langchain-Ai
Product langchain
Weakness CWE-1336
Published November 21, 2025
Last update November 21, 2025

CVSS base score

8.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

LangChain is a framework for building agents and LLM-powered applications. From versions 0.3.79 and prior and 1.0.0 to 1.0.6, a template injection vulnerability exists in LangChain's prompt template system that allows attackers to access Python object internals through template syntax. This vulnerability affects applications that accept untrusted template strings (not just template variables) in ChatPromptTemplate and related prompt template classes. This issue has been patched in versions 0.3.80 and 1.0.7.

Key dates

02Disclosure timeline

November 21, 2025 CVE published
November 21, 2025 Record updated