
Cloud Vulnerability DB
A community-driven vulnerability database
A remote code execution (RCE) vulnerability was discovered in LangGraph's JsonPlusSerializer component (CVE-2025-64439), affecting all versions of langgraph-checkpoint prior to version 3.0. The vulnerability exists in the default serialization protocol used for checkpointing and was disclosed on November 5, 2025. The flaw affects applications that allow untrusted data to be persisted into checkpoints and use the default serializer or explicitly instantiate JsonPlusSerializer (Miggo, Security Online).
The vulnerability is triggered when the serializer falls back to 'json' mode because the default 'msgpack' serialization fails on illegal Unicode surrogate values. In that mode the deserializer accepts a constructor-style format (lc 2, type 'constructor') that reconstructs custom objects at load time, and this path can be abused to invoke arbitrary Python callables during deserialization. The vulnerability has been assigned a CVSS score of 7.4 (High severity) (GitHub Advisory).
If successfully exploited, an attacker can execute arbitrary Python code on affected systems with the same privileges as the running process. This is particularly concerning given LangGraph's role in managing complex, long-running agent workflows and its reported 20 million monthly downloads. The vulnerability poses significant risks to applications using it for persistence, especially in production environments where LangGraph is integrated into agents or backend services (Security Online).
Users are strongly advised to upgrade immediately to langgraph-checkpoint version 3.0.0, which patches the vulnerability by introducing an allow-list for constructor deserialization and removing the unsafe JSON fallback path. The update is fully compatible with langgraph>=0.3 and requires no import changes or code modifications. For users of langgraph-api, updating to version 0.5 or later will automatically include the patched version of the checkpointer library (GitHub Advisory).
Source: This report was generated using AI