CVE-2025-64104

LangGraph · LangGraph Multiple Products

A high-severity vulnerability has been identified in the LangGraph SQLite Checkpoint component, which affects multiple LangGraph products.

Executive summary

A high-severity vulnerability has been identified in the LangGraph SQLite Checkpoint component, which affects multiple LangGraph products. This flaw, identified as CVE-2025-64104, could allow an unauthenticated remote attacker to execute arbitrary SQL commands against the underlying SQLite database. Successful exploitation could lead to unauthorized data access, modification, or a denial of service by corrupting application state data.

Vulnerability

The LangGraph SQLite Checkpoint component is vulnerable to a SQL injection attack. The component fails to properly sanitize user-supplied input when constructing SQL queries to save or retrieve application checkpoints from the SQLite database. An unauthenticated remote attacker can submit specially crafted input to an application utilizing this component, which is then passed directly into a SQL query, allowing the attacker to execute arbitrary SQL commands within the context of the application's database permissions.

Business impact

This vulnerability is rated as High severity with a CVSS score of 7.3. Exploitation could have a significant business impact by compromising the confidentiality, integrity, and availability of application data. An attacker could potentially read sensitive checkpoint data, manipulate application states to alter business logic or outcomes, or delete checkpoint information, causing a denial of service for stateful applications that rely on this feature. This poses a direct risk of data breaches, application instability, and reputational damage.

Remediation

Immediate Action: Apply vendor security updates immediately across all systems utilizing the affected LangGraph products. After patching, it is critical to monitor for any signs of continued exploitation attempts and to thoroughly review historical access and application logs for indicators of compromise that predate the patch.

Proactive Monitoring: Implement enhanced monitoring on affected applications. Security teams should look for unusual or malformed SQL queries in application logs, particularly those containing SQL keywords like UNION, SELECT, --, or escape characters. Monitor for unexpected database errors or an unusual number of read/write operations on the SQLite checkpoint files.

Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with rules specifically designed to detect and block SQL injection patterns. Additionally, consider implementing stricter input validation at the application layer as a temporary measure to sanitize data before it is passed to the LangGraph checkpointing function.
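As an added illustration of the Proactive Monitoring guidance above (example code written for this page, not LangGraph's own), the following Python scans application log lines for the indicators it names: SQL keywords such as UNION and SELECT, the -- comment token, quote or escape characters inside a checkpoint identifier, SQLite errors, and an unusual number of read/write operations for one identifier. The log line format, the thread_id field name and the sample lines are assumptions constructed for this example.

```python
import re
from collections import Counter

# Indicators from the advisory's monitoring guidance: SQL keywords, the SQL
# comment token, and quote/escape characters that never belong in an identifier.
INDICATORS = {
    "sql-keyword": re.compile(r"\b(UNION|SELECT)\b", re.IGNORECASE),
    "sql-comment": re.compile(r"--"),
    "escape-char": re.compile(r"""['"\\;]"""),
}
# Assumed (constructed) log format: <timestamp> <LEVEL> <message>, where
# checkpoint operations are logged as: checkpoint.<get|put> thread_id="<value>"
LOG_LINE = re.compile(r"^(?P<ts>\S+) (?P<level>\w+) (?P<msg>.*)$")
CHECKPOINT_OP = re.compile(r'checkpoint\.(get|put) thread_id="(?P<tid>[^"]*)"')

def classify_value(value):
    """Names of the indicators present in a user-supplied identifier."""
    return [name for name, rx in INDICATORS.items() if rx.search(value)]

def scan_checkpoint_logs(lines, op_threshold=5):
    """Return (timestamp, kind, detail) findings: injection-like identifiers,
    SQLite errors, and identifiers with an unusual number of read/write ops."""
    findings, ops_by_thread = [], Counter()
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # ignore lines that do not follow the assumed format
        ts, level, msg = m.group("ts", "level", "msg")
        op = CHECKPOINT_OP.search(msg)
        if level == "ERROR" and "sqlite3." in msg:
            findings.append((ts, "sqlite-error", msg))
        elif op:
            tid = op.group("tid")
            reasons = classify_value(tid)
            if reasons:
                findings.append((ts, "+".join(reasons), tid))
            ops_by_thread[tid] += 1
    for tid, n in ops_by_thread.items():
        if n > op_threshold:
            findings.append(("-", "high-volume", f"{tid}: {n} ops"))
    return findings

# Constructed sample lines (not real LangGraph output) so the scan runs offline.
SAMPLE_LOG = [
    '2025-11-05T10:00:01Z INFO checkpoint.put thread_id="session-42"',
    '2025-11-05T10:00:02Z INFO checkpoint.get thread_id="session-42"',
    '2025-11-05T10:00:03Z INFO checkpoint.get thread_id="x\' UNION SELECT 1--"',
    '2025-11-05T10:00:03Z ERROR sqlite3.OperationalError: near "UNION": syntax error',
] + [f'2025-11-05T10:00:{s:02d}Z INFO checkpoint.get thread_id="bot-7"' for s in range(10, 17)]
```

Calling scan_checkpoint_logs(SAMPLE_LOG) yields one injection-like identifier, one SQLite error and one high-volume identifier; the two log regexes must be adapted to the application's real log format, and the keyword list and threshold are starting points rather than a complete signature set.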

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the high severity (CVSS 7.3) of this SQL injection vulnerability, organizations are urged to treat this as a critical priority. All system owners should immediately identify assets running the affected LangGraph software and apply the necessary security updates without delay. While this vulnerability is not currently listed on the CISA KEV list, its potential for direct data manipulation and service disruption makes it a significant threat that requires immediate attention.