CVE-2025-6985.yaml
info:
  name: langchain
  cve: CVE-2025-6985
  summary: XXE vulnerability in LangChain's HTMLSectionSplitter due to unsafe XSLT parsing
  details: |
    The `HTMLSectionSplitter` class in `langchain-text-splitters` is vulnerable to XML External Entity (XXE) attacks caused by unsafe XSLT processing. It loads the stylesheet with `lxml.etree.parse()` and applies it with `lxml.etree.XSLT()` without any parser or access restrictions, so an attacker who can supply the stylesheet can inject malicious XSLT. The stylesheet can disclose local files or perform server-side request forgery through the XSLT `document()` function, which reads arbitrary file or network URIs by default. In lxml releases before 5.0 the default parser also resolves external entities declared in the stylesheet itself; from 5.0 on entity expansion is restricted by default, but XSLT functions such as `document()` still reach the filesystem and the network unless an `XSLTAccessControl` is enforced on the transform. The flaw lets unauthenticated remote attackers read sensitive files accessible to the application process.
  cvss: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  severity: HIGH
  security_advise: |
    1. Upgrade `langchain-text-splitters` to version 0.3.9 or later.
    2. Do not pass custom or untrusted XSLT stylesheets to `HTMLSectionSplitter`.
    3. When using lxml directly, parse stylesheets with `resolve_entities=False` and pass an `XSLTAccessControl` (for example `XSLTAccessControl.DENY_ALL`) to `lxml.etree.XSLT()` so `document()` cannot read files or URLs during the transformation.
rule: version >= "0" && version < "0.3.9"
references:
  - https://nvd.nist.gov/vuln/detail/CVE-2025-6985
  - https://github.com/langchain-ai/langchain/pull/31819
  - https://github.com/langchain-ai/langchain/commit/43eef435505a1c907227b724c0c760ad5fc01790
  - https://github.com/langchain-ai/langchain
  - https://huntr.com/bounties/cf78abbb-df3b-43de-b6ee-132b73ff8331
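Added example, not code from langchain or from the advisory: it shows the unsafe lxml pattern the details describe (default `etree.parse()` plus `etree.XSLT()` with no access control) next to the hardened form, using the `document()` vector because its outcome does not depend on the lxml version. The secret file, the malicious stylesheet, the HTML input and the temp-file layout are all constructed for the demo; the real splitter's internals are assumed only to the extent the advisory states them.

```python
"""Constructed demo of the XSLT document() file-read behind CVE-2025-6985.

Nothing here is langchain's own code; the file names, the secret and the
stylesheet are made up for the example.
"""
import os
import tempfile

from lxml import etree

# Constructed secret standing in for a config file or credential that the
# application process can read.
SECRET = "constructed-secret-hunter2"

# Constructed stand-in for the HTML document fed to the splitter.
HTML_DOC = "<html><body><h1>Title</h1><p>body text</p></body></html>"


def make_malicious_xslt(secret_path: str) -> str:
    """Attacker-supplied stylesheet: document() pulls an arbitrary local
    file (or, with an http:// URI, a remote resource -> SSRF) into the output."""
    return f"""<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:output method="xml"/>
  <xsl:template match="/">
    <leak><xsl:value-of select="document('{secret_path}')/secret"/></leak>
  </xsl:template>
</xsl:stylesheet>"""


def unsafe_transform(xslt_path: str, html: str) -> str:
    """The pattern the advisory describes: stylesheet parsed with default
    options and applied with no access control."""
    xslt_tree = etree.parse(xslt_path)  # default parser
    transform = etree.XSLT(xslt_tree)   # no access_control argument
    return str(transform(etree.fromstring(html)))


def hardened_transform(xslt_path: str, html: str) -> str:
    """Same operation with the controls the advisory recommends: no entity
    resolution or network access while parsing the stylesheet, and
    XSLTAccessControl.DENY_ALL so document() can neither read files nor
    fetch URLs during the transform."""
    parser = etree.XMLParser(resolve_entities=False, no_network=True)
    xslt_tree = etree.parse(xslt_path, parser)
    transform = etree.XSLT(
        xslt_tree, access_control=etree.XSLTAccessControl.DENY_ALL
    )
    return str(transform(etree.fromstring(html)))


def run_demo() -> dict:
    """Write the constructed secret and stylesheet to a temp dir, run both
    transforms and report whether the secret reached the output."""
    with tempfile.TemporaryDirectory() as tmp:
        secret_path = os.path.join(tmp, "secret.xml")
        with open(secret_path, "w", encoding="utf-8") as fh:
            fh.write(f"<secret>{SECRET}</secret>")
        xslt_path = os.path.join(tmp, "evil.xslt")
        with open(xslt_path, "w", encoding="utf-8") as fh:
            fh.write(make_malicious_xslt(secret_path))

        unsafe_out = unsafe_transform(xslt_path, HTML_DOC)
        try:
            hardened_out = hardened_transform(xslt_path, HTML_DOC)
        except etree.XSLTApplyError as exc:
            # libxslt reports the denied read as a transform error; the
            # message names the path, never the file contents.
            hardened_out = f"blocked: {exc}"
        return {
            "unsafe_leaks": SECRET in unsafe_out,
            "hardened_leaks": SECRET in hardened_out,
        }


if __name__ == "__main__":
    print(run_demo())
```

`run_demo()` returns `{"unsafe_leaks": True, "hardened_leaks": False}`: the default transform copies the secret into the result, while the `DENY_ALL` transform either raises `XSLTApplyError` or yields an empty `<leak/>`, which is why the hardened path checks the output rather than relying on the exception alone. Swapping the file path for an `http://` URI exercises the SSRF variant and is refused by the same access control.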