Home > Vulnerability Database > CVE-2025-65106

Mend.io Vulnerability Database

CVE-2025-65106

Good to know:

Date: November 21, 2025

LangChain is a framework for building agents and LLM-powered applications. From versions 0.3.79 and prior and 1.0.0 to 1.0.6, a template injection vulnerability exists in LangChain's prompt template system that allows attackers to access Python object internals through template syntax. This vulnerability affects applications that accept untrusted template strings (not just template variables) in ChatPromptTemplate and related prompt template classes. This issue has been patched in versions 0.3.80 and 1.0.7.

Severity Score

8.2

Related Resources (6)

Url: https://github.com/langchain-ai/langchain/commit/c4b6ba254e1a49ed91f2e268e6484011c540542a

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-65106

Url: https://github.com/langchain-ai/langchain/security/advisories/GHSA-6qv9-48xg-fc7f

Url: https://github.com/langchain-ai/langchain

Url: https://github.com/langchain-ai/langchain/commit/fa7789d6c21222b85211755d822ef698d3b34e00

Url: https://www.mend.io/vulnerability-database/CVE-2025-65106

Severity Score

8.2

Weakness Type (CWE)

Improper Neutralization of Special Elements Used in a Template Engine

CWE-1336

Top Fix

Upgrade Version

Upgrade to version langchain-core - 1.0.7;langchain-core - 0.3.80;langchain-core - 1.0.7;https://github.com/langchain-ai/langchain.git - langchain-core==1.0.7;https://github.com/langchain-ai/langchain.git - langchain-core==0.3.80

Learn More

CVSS v3.1

Base Score:	8.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-65106

Good to know:

Date: November 21, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?