ByteOS Network

NVD Vulnerability Details :

CVE-2025-65106

Awaiting Analysis

Source-security-advisories@github.com

Published At-21 Nov, 2025 | 22:16

Updated At-25 Nov, 2025 | 22:16

LangChain is a framework for building agents and LLM-powered applications. From versions 0.3.79 and prior and 1.0.0 to 1.0.6, a template injection vulnerability exists in LangChain's prompt template system that allows attackers to access Python object internals through template syntax. This vulnerability affects applications that accept untrusted template strings (not just template variables) in ChatPromptTemplate and related prompt template classes. This issue has been patched in versions 0.3.80 and 1.0.7.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	8.3	HIGH	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 4.0

Base score: 8.3

Base severity: HIGH

Vector:

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Weaknesses

CWE ID	Type	Source
CWE-1336	Primary	security-advisories@github.com

CWE ID: CWE-1336

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/langchain-ai/langchain/commit/c4b6ba254e1a49ed91f2e268e6484011c540542a	security-advisories@github.com	N/A
https://github.com/langchain-ai/langchain/commit/fa7789d6c21222b85211755d822ef698d3b34e00	security-advisories@github.com	N/A
https://github.com/langchain-ai/langchain/security/advisories/GHSA-6qv9-48xg-fc7f	security-advisories@github.com	N/A