
LangChain CVE-2025-68664: what does it mean for AI workflows?


(@nhi-mgmt-group)
Member Moderator

TL;DR: A critical LangChain deserialization flaw, CVE-2025-68664, can expose environment secrets and trigger unintended internal actions when attacker-controlled LLM output reaches vulnerable serialization paths, according to Orca Security. The issue shows that prompt injection can become a data theft and code execution problem when AI workflow outputs are treated as trusted objects.

NHIMG editorial — based on content published by Orca Security: LangChain deserialization flaw exposing secrets through prompt injection

By the numbers:

Questions worth separating out

Q: What breaks when AI output is allowed to drive object deserialization?

A: The trust boundary breaks.

Q: Why does prompt injection become more serious when serialization is involved?

A: Prompt injection is more serious when serialization is involved because the attack payload can stop being content and start becoming structure.

Q: How can security teams reduce secret exposure in LLM-driven workflows?

A: Security teams should remove secret access from any code path that accepts model output, enforce strict schema validation, and keep environment variables out of deserialization pathways.

Practitioner guidance

  • Eliminate direct deserialization of model output: keep LLM responses as inert strings or strictly validated schemas.
  • Separate secret-bearing runtime paths from AI outputs: review where environment variables, API keys, and tokens are accessible to workflows that consume model output.
  • Patch vulnerable LangChain components immediately: upgrade LangChain to 1.2.5 and LangChain Core to 0.3.81, then verify that all applications and dependent services stop using the vulnerable serialization logic in internet-facing or data-critical deployments.
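The first two guidance points above, and the Q&A on why model output must never drive object deserialization, can be shown concretely in the application code that sits between the model and the rest of the workflow. The example below is added here as an illustration; it is not code from Orca Security, NHIMG, or the LangChain project. It assumes a hypothetical ticket-triage workflow with a constructed allowlisted schema (`summary`, `severity`, `tags`), treats the `lc` key named in this post as a reserved serialization marker that plain data must never carry, and uses only the standard library so the model's text is only ever turned into inert dicts, lists and strings, never handed to a loader that resolves classes or reads the environment.

```python
import json
from dataclasses import dataclass
from typing import Any

# Reserved key mentioned in the post: a dict carrying it is treated as a
# serialization envelope rather than plain data and is rejected outright.
# (Set is deliberately small; extend it with whatever your serializer reserves.)
RESERVED_KEYS = frozenset({"lc"})

# Hypothetical allowlisted shape for what the model may return (constructed
# for this example; not a schema from the original page).
SCHEMA = {
    "summary": str,
    "severity": str,
    "tags": list,
}
ALLOWED_SEVERITIES = frozenset({"low", "medium", "high"})


@dataclass(frozen=True)
class TriageResult:
    """Inert value object: the only thing downstream code ever sees."""
    summary: str
    severity: str
    tags: tuple


class ModelOutputRejected(ValueError):
    """Raised whenever the model's output fails the schema gate."""


def _scan_for_reserved_keys(node: Any, path: str = "$") -> None:
    """Walk the parsed JSON at every depth and refuse any object that carries
    a reserved key, so a serialization envelope cannot hide inside a list or
    nested field and later reach a deserializer."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key in RESERVED_KEYS:
                raise ModelOutputRejected(f"reserved key {key!r} at {path}")
            _scan_for_reserved_keys(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            _scan_for_reserved_keys(item, f"{path}[{i}]")


def parse_model_output(raw: str) -> TriageResult:
    """Convert raw LLM text into a TriageResult or reject it.

    json.loads only ever builds dicts, lists, strings, numbers and booleans;
    nothing in this function resolves a class path, imports a module, or
    touches os.environ, so the model cannot turn content into structure."""
    try:
        data = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ModelOutputRejected(f"not JSON: {exc}") from exc
    if not isinstance(data, dict):
        raise ModelOutputRejected("top level must be an object")

    _scan_for_reserved_keys(data)

    # Strict key allowlist: unknown keys are an error, not ignored.
    unexpected = set(data) - set(SCHEMA)
    if unexpected:
        raise ModelOutputRejected(f"unexpected keys: {sorted(unexpected)}")
    for key, expected_type in SCHEMA.items():
        if key not in data:
            raise ModelOutputRejected(f"missing key {key!r}")
        if type(data[key]) is not expected_type:
            raise ModelOutputRejected(f"{key!r} must be {expected_type.__name__}")

    # Value-level checks: enumerations and element types, not just shape.
    if data["severity"] not in ALLOWED_SEVERITIES:
        raise ModelOutputRejected(f"severity {data['severity']!r} not allowed")
    if not all(isinstance(t, str) for t in data["tags"]):
        raise ModelOutputRejected("tags must be a list of strings")

    return TriageResult(data["summary"], data["severity"], tuple(data["tags"]))


def is_accepted(raw: str) -> bool:
    """Boolean wrapper used by the self-check below."""
    try:
        parse_model_output(raw)
        return True
    except ModelOutputRejected:
        return False


# Constructed sample responses (not real model output).
GOOD = '{"summary": "Login page returns 500", "severity": "high", "tags": ["web", "auth"]}'
# A response that smuggles a reserved-key object inside an otherwise valid field.
ENVELOPE = '{"summary": "x", "severity": "low", "tags": [{"lc": 1}]}'
# A response that adds a key the schema never allowed.
EXTRA = '{"summary": "x", "severity": "low", "tags": [], "config": {}}'

if __name__ == "__main__":
    for sample in (GOOD, ENVELOPE, EXTRA):
        print(is_accepted(sample), sample)
```

Run stand-alone, the script accepts only the first sample and rejects the other two. The design point is that the gate is a dedicated function with no reach into secrets or loaders: it can be code-reviewed in isolation, and the rest of the workflow consumes a frozen dataclass rather than the model's dict. This complements, and does not replace, upgrading the affected LangChain versions named in the third guidance point.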

What's in the full article

Orca Security's full article covers the operational detail this post intentionally leaves for the source:

  • Version-specific patch guidance for LangChain Core and LangChain deployments affected by CVE-2025-68664
  • The exact deserialization path and reserved-key handling that enables the `lc` object confusion issue
  • Examples of impacted applications that accept LLM output metadata and feed it into structured parsing logic
  • Exposure prioritization based on runtime reachability, internet accessibility, and asset criticality

👉 Read Orca Security's analysis of the LangChain deserialization vulnerability →
