PyPI: langchain-core
CVE-2025-65106
Safety vulnerability ID: SFTY-20251120-50282
Safety legacy ID: pyup.io-81791
Affected versions of the langchain-core package are vulnerable to Template Injection due to improper neutralization of attribute access and indexing expressions in prompt templates constructed from untrusted input. The ChatPromptTemplate class and related prompt template implementations for f-string, Mustache, and Jinja2 formats allow attacker-controlled template strings such as {msg.class.name} or {{question.parse_raw}} to traverse Python object attributes and dictionary-style lookups, exposing internal properties like class metadata or globals when complex objects such as HumanMessage or other message objects are passed into the template context.
Overview
LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates
Advisory
Affected versions of the langchain-core package are vulnerable to Template Injection due to improper neutralization of attribute access and indexing expressions in prompt templates constructed from untrusted input. The ChatPromptTemplate class and related prompt template implementations for f-string, Mustache, and Jinja2 formats allow attacker-controlled template strings such as {msg.class.name} or {{question.parse_raw}} to traverse Python object attributes and dictionary-style lookups, exposing internal properties like class metadata or globals when complex objects such as HumanMessage or other message objects are passed into the template context.
How to Fix
Mitigation and Workarounds
---
Vulnerable Functions
Functions linked to known vulnerabilities.
References
- https://getsafety.com/vulnerabilities/SFTY-20251120-50282/CVE-2025-65106
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65106
- https://github.com/advisories/GHSA-6qv9-48xg-fc7f
- https://github.com/langchain-ai/langchain/security/advisories/GHSA-6qv9-48xg-fc7f
- https://github.com/langchain-ai/langchain/commit/c4b6ba254e1a49ed91f2e268e6484011c540542a
- https://github.com/langchain-ai/langchain/commit/fa7789d6c21222b85211755d822ef698d3b34e00
- https://nvd.nist.gov/vuln/detail/CVE-2025-65106
- https://github.com/advisories/GHSA-6qv9-48xg-fc7f
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
Learn more