Vulnerability Description
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). Prior to 2.0.11, LangGraph's SQLite store implementation contains SQL injection vulnerabilities using direct string concatenation without proper parameterization, allowing attackers to inject arbitrary SQL and bypass access controls. This vulnerability is fixed in 2.0.11.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://github.com/langchain-ai/langgraph/commit/bc9d45b476101e441cb1cc602dea03e
- https://github.com/langchain-ai/langgraph/security/advisories/GHSA-7p73-8jqx-23r
- https://github.com/langchain-ai/langgraph/security/advisories/GHSA-7p73-8jqx-23r
FAQ
What is CVE-2025-64104?
CVE-2025-64104 is a vulnerability with a CVSS score of 7.3 (HIGH). LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). Prior to 2.0.11, LangGraph's SQLite store implementation contain...
How severe is CVE-2025-64104?
CVE-2025-64104 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-64104?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.