tag: Langchain · 1 items
- Engineer — Act: A public PoC exists for this critical langchain-core flaw, making exploitation practical for any AI pipeline that processes untrusted input; audit Python environments and upgrade langchain-core to the patched release immediately.
- SOC/IR — Plan: No active exploitation campaign observed (EPSS 0.14, not KEV-listed), but the public PoC warrants building detections for anomalous subprocess or file-system activity spawned from LangChain worker processes before exploitation picks up.
- Leader — Skip
- Signals: CVE-2025-68664 — CISA KEV: not listed, EPSS 0.14, public PoC on GitHub