CVE-2025-2828
Published 2025-06-23
Priority: P2 (74) · Severity: critical · CVSS 3.1 base score: 10 · Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 14.06% (96.1th percentile)
A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the langchain-community package (specifically, langchain_community.agent_toolkits.openapi.toolkit.RequestsToolkit) in langchain-ai/langchain version 0.0.27. This vulnerability occurs because the toolkit does not enforce restrictions on requests to remote internet addresses, allowing it to also access local addresses. As a result, an attacker could exploit this flaw to perform port scans, access local services, retrieve instance metadata from cloud environments (e.g., Azure, AWS), and interact with servers on the local network. This issue has been fixed in version 0.0.28.
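The root cause described above is a missing destination check before the toolkit issues a request. The guard below is an added example, not code from langchain or from any source on this page; it shows the kind of pre-request validation the fix needs. The function and resolver names are ours, and the `static_resolver` table is constructed so the check runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Added example, not langchain's code: refuse any URL whose host is, or resolves
# to, a loopback, link-local (169.254.0.0/16 covers the cloud metadata address),
# private, reserved, multicast or unspecified address.
ALLOWED_SCHEMES = {"http", "https"}


def is_blocked_address(ip):
    """True for any address an internet-facing tool should never be pointed at."""
    # Unwrap IPv4-mapped IPv6 (e.g. ::ffff:169.254.169.254) before classifying;
    # older Python versions do not flag the mapped form as link-local/loopback.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_loopback or ip.is_link_local or ip.is_private
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def system_resolve(host):
    """Default resolver: every address the OS returns for the host (A and AAAA)."""
    return [ipaddress.ip_address(info[4][0]) for info in socket.getaddrinfo(host, None)]


def static_resolver(table):
    """Build an offline resolver from a constructed {host: [ip-strings]} table."""
    return lambda host: [ipaddress.ip_address(s) for s in table[host]]


def check_url(url, resolve=system_resolve):
    """Return (allowed, reason) for a URL the agent wants to fetch."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    host = parts.hostname  # IPv6 brackets already stripped, lower-cased
    if not host:
        return False, "missing host"
    try:
        addrs = [ipaddress.ip_address(host)]  # literal IP: no DNS needed
    except ValueError:
        try:
            addrs = resolve(host)
        except (KeyError, OSError) as exc:  # socket.gaierror is an OSError
            return False, f"cannot resolve {host!r}: {exc!r}"
    if not addrs:
        return False, f"no addresses for {host!r}"
    for ip in addrs:  # every resolved address must pass, not just the first
        if is_blocked_address(ip):
            return False, f"{host!r} resolves to blocked address {ip}"
    return True, "ok"
```

Checking every resolved address matters because a name with one public and one internal record would otherwise slip through; the connection must additionally be pinned to the checked address to defeat DNS rebinding.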
Affected (5 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| langchain-ai | langchain-ai_langchain | >= unspecified < 0.0.28 | 0.0.28 |
| langchain | langchain | < 0.0.28 | 0.0.28 |
| msrc | cbl2_bind_9.16.33-2_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_dhcp_4.4.2-5_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_bind_9.16.37-2_on_cbl_mariner_1.0 | — | — |
Detection & IOCs (extracted from sources)
- Vulnerable component is langchain_community.agent_toolkits.openapi.toolkit.RequestsToolkit in langchain-community version 0.0.27; the toolkit does not enforce restrictions on requests to remote internet addresses, allowing access to local addresses
- Exploitation patterns to detect include outbound requests to cloud instance metadata endpoints (e.g., AWS 169.254.169.254, Azure 169.254.169.254/metadata), internal/loopback addresses, and port-scan-style sequential requests originating from a langchain-community agent process
- The vulnerability is fixed in langchain-community version 0.0.28; any deployment still running version 0.0.27 is affected and should be upgraded
- No Red Hat products are impacted as the affected package version is not used in any Red Hat product
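The three patterns in the list above can be checked mechanically. The detector below is an added example, not from any of the cited sources; the egress-log line format (timestamp, process name, destination ip:port, path) and the `langchain-agent` process name are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Added example: flags the patterns named in the IOC list above. The log line
# format and the process name 'langchain-agent' are assumptions for this demo.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) proc=(?P<proc>\S+) dst=(?P<ip>[^:\s]+):(?P<port>\d+) path=(?P<path>\S+)$")
METADATA_ADDRS = {"169.254.169.254"}  # IMDS address for AWS and Azure, as listed above


def classify_destination(ip_str):
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return None  # hostname or malformed field: out of scope for this demo
    if ip_str in METADATA_ADDRS:
        return "metadata-endpoint"
    if ip.is_loopback:
        return "loopback"
    if ip.is_private or ip.is_link_local:
        return "internal"
    return None  # looks external; nothing to flag on its own


def analyze(lines, agent_proc="langchain-agent", scan_threshold=4):
    """Return (timestamp, label, detail) alerts for requests made by the agent process."""
    alerts = []
    ports_by_host = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["proc"] != agent_proc:
            continue  # unparsable, or not the agent process we are watching
        label = classify_destination(m["ip"])
        if label:
            alerts.append((m["ts"], label, f"{m['ip']}:{m['port']}{m['path']}"))
        ports_by_host[m["ip"]].add(int(m["port"]))
    for host, ports in ports_by_host.items():  # one host, many distinct ports
        if len(ports) >= scan_threshold:
            alerts.append(("-", "port-scan", f"{host} ports={sorted(ports)}"))
    return alerts


SAMPLE_LOG = [  # constructed sample, not real telemetry
    "2025-06-23T10:00:01Z proc=langchain-agent dst=93.184.216.34:443 path=/v1/weather",
    "2025-06-23T10:00:02Z proc=langchain-agent dst=169.254.169.254:80 path=/latest/meta-data/",
    "2025-06-23T10:00:03Z proc=langchain-agent dst=127.0.0.1:6379 path=/",
    "2025-06-23T10:00:04Z proc=langchain-agent dst=10.0.0.7:22 path=/",
    "2025-06-23T10:00:04Z proc=langchain-agent dst=10.0.0.7:80 path=/",
    "2025-06-23T10:00:05Z proc=langchain-agent dst=10.0.0.7:443 path=/",
    "2025-06-23T10:00:05Z proc=langchain-agent dst=10.0.0.7:3306 path=/",
    "2025-06-23T10:00:07Z proc=nginx dst=127.0.0.1:9000 path=/status",
]
```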
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| nvd | v3.0 | 8.4 | HIGH | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H |
| vendor_redhat | — | 10.0 | CRITICAL | — |
| vendor_msrc | — | 7.5 | HIGH | — |
OSV
LangChain Community SSRF vulnerability exists in RequestsToolkit component
osv · 2025-06-23 · CVE-2025-2828 [HIGH]
OSV
CVE-2025-2828: A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the langchain-community package (specifically, langchain
osv · 2025-06-23
GHSA
LangChain Community SSRF vulnerability exists in RequestsToolkit component
ghsa · 2025-06-23 · CVE-2025-2828 [HIGH] · CWE-918
Red Hat
langchain-community: SSRF Vulnerability in langchain-community
vendor_redhat · 2025-06-23 · CVSS 10.0 · CVE-2025-2828 [CRITICAL] · CWE-918
A Server-Side Request Forgery (SSRF) flaw was found in the lang
Microsoft
named's configured cache size limit can be significantly exceeded
vendor_msrc · 2023-06-13 · CVSS 7.5 · CVE-2023-2828 [HIGH] · CWE-770
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries of which the distro is composed. Microsoft is committed to transparency in this work, which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner · isc
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https:/
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.