What is CVE-2025-67644?

CVE-2025-67644 is a high-severity vulnerability in Langchain Langgraph-checkpoint-sqlite, classified under SQL Injection. CVSS score: 7.3/10. Published 2025-12-11.

How severe is CVE-2025-67644?

High severity. CVSS v3 base score is 7.3 out of 10.

Is CVE-2025-67644 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Langchain Langgraph-checkpoint-sqlite

CVE-2025-67644

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpo…

Vulnerability class: SQL Injection

EPSS: 0.002 (14.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.3 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N.

Affected products

Langchain Langgraph-checkpoint-sqlite
Langchain-ai Langgraph — versions < 3.0.1

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

mbanyamer/CVE-2025-67644-LangGraph-3.0.1-SQLite-Checkpoint-SQL-Injection

References

security-advisories@github.com (x_refsource_CONFIRM, Exploit, Vendor Advisory)
security-advisories@github.com (Patch, x_refsource_MISC)

Frequently asked questions

What is CVE-2025-67644?: CVE-2025-67644 is a high-severity vulnerability in Langchain Langgraph-checkpoint-sqlite, classified under SQL Injection. CVSS score: 7.3/10. Published 2025-12-11.
How severe is CVE-2025-67644?: High severity. CVSS v3 base score is 7.3 out of 10.
Is CVE-2025-67644 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.