CVE-2025-64439.yaml
info:
  name: langchain
  cve: CVE-2025-64439
  summary: LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer.
  details: |
    Prior to `langgraph-checkpoint` version `3.0`, LangGraph’s `JsonPlusSerializer` (used as the default serialization protocol for all checkpointing) contains a remote code execution (RCE) vulnerability when deserializing payloads saved in the `"json"` serialization mode. If an attacker can cause your application to persist a payload serialized in this mode, they may also be able to send malicious content that executes arbitrary Python code during deserialization.
  cvss: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H
  severity: HIGH
  security_advise: |
    1. Upgrade immediately to `langgraph-checkpoint==3.0.0`.
    2. If deploying in `langgraph-api`, update to version `0.5` or later.
rule: version < "3.0.0"
references:
  - https://github.com/langchain-ai/langgraph/security/advisories/GHSA-wwqv-p2pp-99h5
  - https://nvd.nist.gov/vuln/detail/CVE-2025-64439
  - https://github.com/langchain-ai/langgraph/commit/c5744f583b11745cd406f3059903e17bbcdcc8ac
  - https://github.com/langchain-ai/langgraph
  - https://github.com/langchain-ai/langgraph/blob/c5744f583b11745cd406f3059903e17bbcdcc8ac/libs/checkpoint/langgraph/checkpoint/serde/jsonplus.py
  - https://github.com/langchain-ai/langgraph/releases/tag/checkpoint%3D%3D3.0.0