cbcvebase.
CVE-2025-2828
published 2025-06-23


Priority: P2 (74)
CVSS 3.1: 10.0 critical (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS: 14.06% (96.1th percentile)
A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the langchain-community package (specifically, langchain_community.agent_toolkits.openapi.toolkit.RequestsToolkit) in langchain-ai/langchain version 0.0.27. This vulnerability occurs because the toolkit does not enforce restrictions on requests to remote internet addresses, allowing it to also access local addresses. As a result, an attacker could exploit this flaw to perform port scans, access local services, retrieve instance metadata from cloud environments (e.g., Azure, AWS), and interact with servers on the local network. This issue has been fixed in version 0.0.28.

Affected

5 ranges

Vendor        Product                                  Version range            Fixed in
langchain-ai  langchain-ai_langchain                   >= unspecified < 0.0.28  0.0.28
langchain     langchain                                < 0.0.28                 0.0.28
msrc          cbl2_bind_9.16.33-2_on_cbl_mariner_2.0   -                        -
msrc          cbl2_dhcp_4.4.2-5_on_cbl_mariner_2.0     -                        -
msrc          cm1_bind_9.16.37-2_on_cbl_mariner_1.0    -                        -

Detection & IOCs (extracted from sources)

  • Vulnerable component is langchain_community.agent_toolkits.openapi.toolkit.RequestsToolkit in langchain-community version 0.0.27; the toolkit does not enforce restrictions on requests to remote internet addresses, allowing access to local addresses
  • Exploitation patterns to detect include outbound requests to cloud instance metadata endpoints (e.g., AWS 169.254.169.254, Azure 169.254.169.254/metadata), internal/loopback addresses, and port-scan-style sequential requests originating from a langchain-community agent process
  • The vulnerability is fixed in langchain-community version 0.0.28; any deployment still running version 0.0.27 is affected and should be upgraded
  • No Red Hat products are impacted as the affected package version is not used in any Red Hat product
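The description above says the toolkit places no restriction on the addresses an agent-issued request may reach, and the detection notes call out requests to cloud metadata endpoints, loopback/internal addresses and port-scan-style request sequences. The block below is an added example, not code from langchain-community or from the CVE sources: an outbound-URL guard that fails closed on anything that does not resolve to a globally routable address, and a detector that runs the same check over constructed request-log lines. Name resolution uses a constructed lookup table (FAKE_DNS) so the example runs offline; the log format is likewise an assumption of this example.

```python
"""Added example (not langchain-community's code): an SSRF guard for outbound
request tools plus a log check for requests to non-public targets."""
import ipaddress
import re
from urllib.parse import urlparse

# Constructed stand-in for DNS so the example runs offline. In production use
# socket.getaddrinfo() and then connect to the *resolved* IP to avoid rebinding.
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "localhost": ["127.0.0.1"],
    "internal-db": ["10.0.0.5"],
}

# The link-local metadata address named in the advisory (AWS/Azure).
METADATA_ENDPOINTS = {"169.254.169.254"}

# Constructed log layout: "<timestamp> <process> <METHOD> <url>"
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<proc>\S+) (?P<method>[A-Z]+) (?P<url>\S+)")


def resolve(host):
    """Return the addresses a host name maps to (empty list if unknown)."""
    if host in FAKE_DNS:
        return FAKE_DNS[host]
    try:
        ipaddress.ip_address(host)   # literal IPv4/IPv6 address
        return [host]
    except ValueError:
        return []


def is_public_ip(ip_str):
    """True only for globally routable unicast addresses.

    is_global is False for loopback, RFC1918/ULA private space, link-local
    (including 169.254.169.254) and other reserved ranges."""
    ip = ipaddress.ip_address(ip_str)
    return ip.is_global and not ip.is_multicast


def is_safe_url(url):
    """Allow a request only if the scheme is http(s) and every resolved
    address for the host is public. Unresolvable hosts are rejected."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        return False
    addrs = resolve(parsed.hostname)
    if not addrs:
        return False
    return all(is_public_ip(a) for a in addrs)


def flag_ssrf_requests(log_lines):
    """Return (timestamp, url, reason) for each request to a non-public target."""
    findings = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = m.group("url")
        host = urlparse(url).hostname or ""
        if host in METADATA_ENDPOINTS:
            findings.append((m.group("ts"), url, "cloud-metadata-endpoint"))
        elif not is_safe_url(url):
            findings.append((m.group("ts"), url, "non-public-address"))
    return findings


def port_scan_hosts(log_lines, threshold=3):
    """Hosts contacted on at least `threshold` distinct ports: a crude signal
    for the sequential port-scan pattern the advisory describes."""
    ports = {}
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        p = urlparse(m.group("url"))
        if p.hostname:
            default = 443 if p.scheme == "https" else 80
            ports.setdefault(p.hostname, set()).add(p.port or default)
    return sorted(h for h, s in ports.items() if len(s) >= threshold)


# Constructed sample log lines
SAMPLE_LOG = [
    "2025-06-23T10:00:01Z langchain-agent GET https://example.com/api/v1/items",
    "2025-06-23T10:00:02Z langchain-agent GET http://169.254.169.254/latest/meta-data/",
    "2025-06-23T10:00:03Z langchain-agent GET http://localhost:8080/admin",
    "2025-06-23T10:00:04Z langchain-agent GET http://internal-db:22/",
    "2025-06-23T10:00:05Z langchain-agent GET http://internal-db:80/",
    "2025-06-23T10:00:06Z langchain-agent GET http://internal-db:5432/",
]

if __name__ == "__main__":
    for finding in flag_ssrf_requests(SAMPLE_LOG):
        print(*finding)
    print("port-scan candidates:", port_scan_hosts(SAMPLE_LOG))
```

The guard is meant to sit in front of whatever actually performs the HTTP call, and the connection should be made to the address that was validated rather than to the host name, otherwise a DNS answer that changes between check and connect (rebinding) defeats the check. Redirects need the same treatment: either disable them or re-validate each hop.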

CVSS provenance

Source         Version  Score  Severity  Vector
nvd            v3.1     10.0   CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvd            v3.0     8.4    HIGH      CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
vendor_redhat  -        10.0   CRITICAL  -
vendor_msrc    -        7.5    HIGH      -