In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between October 26-27, 2025.
During this period, The National Vulnerability Database published 5, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 0
High: 1
Medium: 0
Low: 0
Severity Not Assigned: 4
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2025-8709
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 4.7
Description: A SQL injection vulnerability exists in the langchain-ai/langchain repository, specifically in the LangGraph's SQLite store implementation. The affected version is langgraph-checkpoint-sqlite 2.0.10. The vulnerability arises from improper handling of filter operators ($eq, $ne, $gt, $lt, $gte, $lte) where direct string concatenation is used without proper parameterization. This allows attackers to inject arbitrary SQL, leading to unauthorized access to all documents, data exfiltration of sensitive fields such as passwords and API keys, and a complete bypass of application-level security filters.
References: https://huntr.com/bounties/9793f4b3-76f8-44a4-989f-49a2177ee118
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between October 26-27, 2025.
During this period, The National Vulnerability Database published 5, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 0
High: 1
Medium: 0
Low: 0
Severity Not Assigned: 4
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2025-8709
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 4.7
Description: A SQL injection vulnerability exists in the langchain-ai/langchain repository, specifically in the LangGraph's SQLite store implementation. The affected version is langgraph-checkpoint-sqlite 2.0.10. The vulnerability arises from improper handling of filter operators ($eq, $ne, $gt, $lt, $gte, $lte) where direct string concatenation is used without proper parameterization. This allows attackers to inject arbitrary SQL, leading to unauthorized access to all documents, data exfiltration of sensitive fields such as passwords and API keys, and a complete bypass of application-level security filters.
References: https://huntr.com/bounties/9793f4b3-76f8-44a4-989f-49a2177ee118
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found