CVE-2025-8709: 
Python vulnerability analysis and mitigation

A SQL injection vulnerability was discovered in the LangGraph's SQLite store implementation within the langchain-ai/langchain repository. The vulnerability affects version 2.0.10 of the langgraph-checkpoint-sqlite package. This security issue was disclosed on October 26, 2025, and received a CVSS v3.0 base score of 7.3 (High) (NVD, Miggo).

The vulnerability stems from improper handling of filter operators ($eq, $ne, $gt, $lt, $gte, $lte) in the SQLite store implementation. The issue arises when direct string concatenation is used without proper parameterization in the query construction process. The affected components include the SqliteStore.search method, which serves as the entry point, SqliteStore._prepare_batch_search_queries for processing filter criteria, and SqliteStore._get_filter_condition for constructing SQL WHERE clauses (Miggo).

The vulnerability allows attackers to inject arbitrary SQL commands, potentially leading to unauthorized access to all documents stored in the database, exfiltration of sensitive data including passwords and API keys, and complete bypass of application-level security filters (NVD).

The vulnerability has been patched in version 2.0.11 of langgraph-checkpoint-sqlite. The fix introduces a new _validate_filter_key function that implements regular expression validation to allow only safe characters in filter keys. This validation is applied at the beginning of _get_filter_condition and within the _prepare_batch_search_queries loop (Miggo).