CRITICAL🇵🇱 Wersja polska

CVE-2025-2828

CVSS 10.0v3.1pub. 2025-06-23upd. 2025-07-16

A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the langchain-community package (specifically, langchain_community.agent_toolkits.openapi.toolkit.RequestsToolkit) in langchain-ai/langchain version 0.0.27. This vulnerability occurs because the toolkit does not enforce restrictions on requests to remote internet addresses, allowing it to also access local addresses. As a result, an attacker could exploit this flaw to perform port scans, access local services, retrieve instance metadata from cloud environments (e.g., Azure, AWS), and interact with servers on the local network. This issue has been fixed in version 0.0.28.

🤖 AI Analysis
How it works

The vulnerability stems from lack of validation of target URLs in the langchain_community.agent_toolkits.openapi.toolkit.RequestsToolkit component. The toolkit executes HTTP requests to both remote and local network addresses, not distinguishing between traffic to the internet and traffic directed to internal infrastructure. An attacker can craft a malicious request that will be forwarded by the server to local services or instance metadata endpoints (e.g., AWS EC2 Metadata Service, Azure Instance Metadata Service). This results in unauthorized access to resources not directly accessible from the outside.

Impact

An attacker can perform internal network port scanning, gain access to local services, and retrieve sensitive cloud instance metadata (including access keys, authentication tokens) from environments such as AWS or Azure. Combined with a maximum CVSS score of 10.0 and a scope exceeding the attacked application (Scope: Changed), the consequences may include complete takeover of the cloud environment.

Mitigation & patch

Update the langchain-community package to version 0.0.28 or later, in which the issue has been fixed. The fix is available in the project repository (commit e188d4ecb085d4561a0be3c583d26aa9c2c3283f).

Who is affected

langchain-community version 0.0.27 (langchain-ai/langchain package), component langchain_community.agent_toolkits.openapi.toolkit.RequestsToolkit

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Langchain

    APP
    Langchain
    < 0.0.28
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SSRF
CWE
References

Related vulnerabilities

CVE-2024-7042CRITICAL9.8PL ✓ten sam produkt

SQL injection przez prompt injection w LangChain GraphCypherQAChain

CVE-2024-8309CRITICAL9.8PL ✓ten sam produkt

SQL injection przez prompt injection w LangChain GraphCypherQAChain

CVE-2023-39631CRITICAL9.8ten sam produkt

An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluat...

CVE-2023-36281CRITICAL9.8ten sam produkt

An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to load_pro...

CVE-2023-38860CRITICAL9.8ten sam produkt

An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter.