AI Threat Alert

CVE-2025-46059

CRITICAL
Published July 29, 2025

langchain-ai v0.3.51 was discovered to contain an indirect prompt injection vulnerability in the GmailToolkit component. This vulnerability allows attackers to execute arbitrary code and compromise...

Full analysis pending. Showing NVD description excerpt.

Severity & Risk

CVSS 3.1
9.8 / 10
EPSS
N/A
KEV Status
Not in KEV
Sophistication
N/A

Recommended Action

No patch available

Monitor for updates. Consider compensating controls or temporary mitigations.

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Technical Details

NVD Description

langchain-ai v0.3.51 was discovered to contain an indirect prompt injection vulnerability in the GmailToolkit component. This vulnerability allows attackers to execute arbitrary code and compromise the application via a crafted email message. NOTE: this is disputed by the Supplier because the code-execution issue was introduced by user-written code that does not adhere to the LangChain security practices.

Weaknesses (CWE)

CWE-94

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Timeline

Published
July 29, 2025
Last Modified
August 4, 2025
First Seen
July 29, 2025
Back to Threat Feed