Home > Vulnerability Database > CVE-2025-67644

Mend.io Vulnerability Database

CVE-2025-67644

Good to know:

Date: December 10, 2025

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through metadata filter keys, affecting applications that accept untrusted metadata filter keys (not just filter values) in checkpoint search operations. The _metadata_predicate() function constructs SQL queries by interpolating filter keys directly into f-strings without validation. This issue is fixed in version 3.0.1.

Severity Score

7.3

Related Resources (5)

Url: https://github.com/langchain-ai/langgraph/security/advisories/GHSA-9rwj-6rc7-p77c

Url: https://github.com/langchain-ai/langgraph/commit/297242913f8ad2143ee3e2f72e67db0911d48e2a

Url: https://github.com/langchain-ai/langgraph

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-67644

Url: https://www.mend.io/vulnerability-database/CVE-2025-67644

Severity Score

7.3

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-89

Top Fix

Upgrade Version

Upgrade to version langgraph-checkpoint-sqlite - 3.0.1;https://github.com/langchain-ai/langgraph.git - checkpointsqlite==3.0.1

Learn More

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-67644

Good to know:

Date: December 10, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?