A critical vulnerability in LangChain’s core library (CVE-2025-68664) allows attackers to exfiltrate sensitive environment variables and potentially execute code through deserialization flaws. Discovered by a Cyata researcher and patched just before Christmas 2025, the issue affects one of the most popular AI frameworks with hundreds of millions of downloads. LangChain-core’s dumps() and dumpd() functions failed
The post Critical Langchain Vulnerability Let attackers Exfiltrate Sensitive Secrets from AI systems appeared first on Cyber Security News.
