What is CVE-2025-64104?

CVE-2025-64104 is a high-severity vulnerability in Langchain-ai Langgraph, classified under SQL Injection. CVSS score: 7.3/10. Published 2025-10-29.

How severe is CVE-2025-64104?

High severity. CVSS v3 base score is 7.3 out of 10.

SQL Injection in Langchain-ai Langgraph

CVE-2025-64104

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). Prior to 2.0.11, LangGraph's SQLite store implementation contains SQL injection vulnerabilities using d…

Vulnerability class: SQL Injection

EPSS: 0.002 (5.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.3 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N.

Affected products

Langchain-ai Langgraph — versions < 2.0.11

Weakness classification (CWE)

CWE-89 — SQL Injection

References

security-advisories@github.com (x_refsource_CONFIRM)
security-advisories@github.com (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-64104?: CVE-2025-64104 is a high-severity vulnerability in Langchain-ai Langgraph, classified under SQL Injection. CVSS score: 7.3/10. Published 2025-10-29.
How severe is CVE-2025-64104?: High severity. CVSS v3 base score is 7.3 out of 10.