CVE-2025-8709: 
Python vulnerability analysis and mitigation

A SQL injection vulnerability (CVE-2025-8709) was discovered in the langchain-ai/langchain repository, specifically affecting the LangGraph's SQLite store implementation version langgraph-checkpoint-sqlite 2.0.10. The vulnerability was disclosed on October 26, 2025, and received a CVSS v3.0 base score of 7.3 (High) (NVD, RedHat).

The vulnerability arises from improper handling of filter operators ($eq, $ne, $gt, $lt, $gte, $lte) in the getfiltercondition() function where direct string concatenation is used without proper parameterization. The JSON key portion of the jsonextract() path is directly concatenated into SQL statements without sanitization, allowing SQL query manipulation. The issue is classified as CWE-89 (SQL Injection) with a CVSS vector string of CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N (RedHat).

This vulnerability enables attackers to inject arbitrary SQL, leading to unauthorized access to all documents, data exfiltration of sensitive fields such as passwords and API keys, and complete bypass of application-level security filters. While it enables full data exposure and access-control bypass within the SQLite store, it does not lead to direct remote code execution or full system compromise (RedHat).

Safe remediation requires eliminating runtime string concatenation of keys by either binding the entire JSON path as a parameter (e.g., jsonextract(value, ?) with a bound f'$.{key}'), or mapping incoming filter keys to a server-side whitelist of trusted JSON paths. Additionally, it is recommended to validate keys with a strict pattern (e.g., ^[A-Za-z0-9.-]+$) and add unit/fuzz tests that assert malicious keys/values cannot alter generated SQL (RedHat).