ByteOS Network

NVD Vulnerability Details :

CVE-2025-67644

Awaiting Analysis

Source-security-advisories@github.com

Published At-11 Dec, 2025 | 00:16

Updated At-12 Dec, 2025 | 15:18

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through metadata filter keys, affecting applications that accept untrusted metadata filter keys (not just filter values) in checkpoint search operations. The _metadata_predicate() function constructs SQL queries by interpolating filter keys directly into f-strings without validation. This issue is fixed in version 3.0.1.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	7.3	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 7.3

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Weaknesses

CWE ID	Type	Source
CWE-89	Primary	security-advisories@github.com

CWE ID: CWE-89

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/langchain-ai/langgraph/commit/297242913f8ad2143ee3e2f72e67db0911d48e2a	security-advisories@github.com	N/A
https://github.com/langchain-ai/langgraph/security/advisories/GHSA-9rwj-6rc7-p77c	security-advisories@github.com	N/A

Hyperlink: https://github.com/langchain-ai/langgraph/commit/297242913f8ad2143ee3e2f72e67db0911d48e2a

Source: security-advisories@github.com

Resource: N/A

Hyperlink: https://github.com/langchain-ai/langgraph/security/advisories/GHSA-9rwj-6rc7-p77c

Source: security-advisories@github.com

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History