CVE-2025-67644 HIGH

CVE-2025-67644: LangGraph SQLite Checkpoint is vulnerable to SQL Injection via metadata filter key in checkpointer list method

Vendor Langchain-Ai

Product langgraph

Weakness CWE-89 · SQLi

Published December 10, 2025

Last update December 11, 2025

View on NVD All CVEs

CVSS base score

7.3/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

What the vulnerability does

01Description

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through metadata filter keys, affecting applications that accept untrusted metadata filter keys (not just filter values) in checkpoint search operations. The _metadata_predicate() function constructs SQL queries by interpolating filter keys directly into f-strings without validation. This issue is fixed in version 3.0.1.

Key dates

02Disclosure timeline

December 10, 2025 CVE published

December 11, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-67644 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

CVE-2025-67644: LangGraph SQLite Checkpoint is vulnerable to SQL Injection via metadata filter key in checkpointer list method

01Description

02Disclosure timeline

03References

04Related CVE