A critical vulnerability has been identified in multiple Langchaingo products, assigned CVE-2025-9556 with a CVSS score of 9.8. The flaw allows an unauthenticated attacker to read arbitrary files from the underlying server by submitting a specially crafted prompt. Successful exploitation could lead to the exposure of sensitive data, such as credentials and private keys, resulting in a complete system compromise.

The vulnerability exists because the Langchaingo library utilizes the Gonja v1.5.3 template engine to parse Jinja2 syntax within user-supplied prompts. The Gonja engine supports include and extends directives which can be used to read and embed content from local files. The library fails to properly sanitize or restrict the paths used in these directives, creating a template injection vulnerability that leads to Arbitrary File Read. An attacker can exploit this by crafting a prompt containing a malicious payload, such as {{ include('/etc/passwd') }}, which forces the application to read the specified file and potentially include its contents in the output.

This vulnerability is rated as critical severity with a CVSS score of 9.8. Exploitation could have a devastating impact on the business, leading to a severe data breach. An attacker could exfiltrate highly sensitive information, including application source code, database credentials, API keys, and private SSL certificates. This exposure could result in significant financial loss, regulatory fines, reputational damage, and a complete loss of customer trust. Access to these sensitive files could also serve as a pivot point for an attacker to achieve remote code execution and gain full control over the affected system and move laterally within the network.

Immediate Action: Immediately apply the security updates provided by the vendor. Update all instances of affected Langchaingo products to the latest patched version to mitigate this vulnerability. After patching, thoroughly review application and system logs for any evidence of exploitation attempts that may have occurred before the patch was applied.

Proactive Monitoring: Implement enhanced logging and monitoring to detect exploitation attempts. Specifically, monitor application logs for user-supplied prompts containing Jinja2/Gonja keywords like include and extends, especially when combined with file path traversal sequences (../) or absolute paths (/etc/, C:\). Monitor for unusual file access patterns from the application's service account and alert on any access to sensitive system or configuration files.

Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with custom rules to block requests containing malicious template syntax. As an interim measure, apply strict input validation to sanitize user-provided prompts, removing or rejecting any Jinja2-like syntax before it is processed by the backend. Running the application in a restricted, containerized environment with a minimal read-only file system can also limit the impact of a successful exploit.

Public Exploit Available: false

Due to the critical severity (CVSS 9.8) of CVE-2025-9556, we recommend immediate and prioritized remediation. The potential for complete system compromise through sensitive file disclosure represents an unacceptable risk. All system owners must apply the vendor-supplied patches without delay. While this CVE is not yet on the CISA KEV list, its high impact score indicates it is a prime candidate for future inclusion. Organizations must treat this as an active threat and implement both patching and proactive monitoring controls immediately.