CVE-2025-64104: 
Python vulnerability analysis and mitigation

LangGraph SQLite Checkpoint, an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite), was found to contain SQL injection vulnerabilities in versions prior to 2.0.11. The vulnerability (CVE-2025-64104) was discovered on October 29, 2025, affecting the SQLite store implementation which contains SQL injection vulnerabilities using direct string concatenation without proper parameterization (GitHub Advisory, NVD).

The vulnerability exists in the SqliteStore component where filter keys in the search method are directly concatenated into SQL queries without proper sanitization. The key portion of the JSON path is concatenated directly into the SQL string without escaping, while only the value portion receives basic escaping. The vulnerability has been assigned a CVSS v3.1 base score of 7.3 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N (GitHub Advisory, Miggo).

The vulnerability allows attackers to inject arbitrary SQL and bypass access controls. When exploited, attackers can access unauthorized data by manipulating the filter keys in SQL queries. This particularly affects applications that use the checkpoint-sqlite store and build filter arguments using untrusted or user-supplied input (GitHub Advisory).

The vulnerability has been fixed in version 2.0.11 of the langgraph-checkpoint-sqlite package. The fix introduces a new function validatefilter_key that validates filter keys to contain only safe characters (alphanumeric, underscores, dots, and hyphens). Users should upgrade to version 2.0.11 or later. For those unable to upgrade immediately, it's recommended to validate/allowlist filter keys before passing them to the store (GitHub Commit).