CVE-2025-6984
published 2025-09-04

CVE-2025-6984: The langchain-ai/langchain project, specifically the EverNoteLoader component, is vulnerable to XML External Entity (XXE) attacks due to insecure XML parsing…

Priority: P2 (58) · Severity: high · CVSS 3.0 base score: 7.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.53% (71.6th percentile)
The langchain-ai/langchain project, specifically the EverNoteLoader component, is vulnerable to XML External Entity (XXE) attacks due to insecure XML parsing. The affected version is 0.3.63. The vulnerability arises from the use of etree.iterparse() without disabling external entity references, which can lead to sensitive information disclosure. An attacker could exploit this by crafting a malicious XML payload that references local files, potentially exposing sensitive data such as /etc/passwd.

Affected

1 range

Vendor         Product                  Version range          Fixed in
langchain-ai   langchain-ai_langchain   unspecified – latest   not listed

Detection & IOCs (extracted from sources)

command: etree.iterparse()
version: langchain-community 0.3.63
  • Look for EverNoteLoader instantiation on XML (.enex) files that carry a DOCTYPE declaration with ENTITY definitions pointing at local file paths (e.g., SYSTEM "file:///etc/passwd"); these are the hallmarks of an XXE attempt against this component.
  • Monitor XML payloads handed to EverNoteLoader for external entity declarations (<!DOCTYPE ... [<!ENTITY ... SYSTEM "...">]>); the vulnerable code path is etree.iterparse() called without restricting external entity resolution.
  • A detection rule can match loader output or file-read results containing passwd-style fields ('root:', 'bin:', 'daemon:') when they originate from a LangChain EverNoteLoader document-loading operation, which indicates successful /etc/passwd exfiltration. Expect some noise from notes that legitimately contain such strings; the DOCTYPE/ENTITY check on the input file is the higher-fidelity signal.
  • The fix is tracked in commit e842452 of langchain-community; compare EverNoteLoader's XML parsing before and after the patch to validate remediation.
  • Only langchain-community version 0.3.63 is confirmed affected; the vulnerability is specific to the EverNoteLoader component and its use of etree.iterparse() without external entity restrictions.
  • Red Hat notes that mitigation is either not available or that the currently available options do not meet its criteria; the openshift-lightspeed/lightspeed-service-api-rhel9 package is confirmed Affected, while most Ansible Automation Platform and RHEL AI packages are Not affected.
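
The following is an added illustration, not code from this advisory or from langchain-community: it reproduces the parsing pattern described above (the etree here is lxml's, which is what EverNoteLoader uses) against a constructed ENEX-shaped export, and puts a hardened form beside it. The sample documents, the secret file standing in for /etc/passwd, and the function names are all constructed for the example. The hardening choice (a stdlib expat pre-check for the DOCTYPE/ENTITY SYSTEM hallmarks from the detection notes, plus resolve_entities=False, load_dtd=False and no_network=True on iterparse) is the editor's, and is not a claim about what commit e842452 changed. Note that lxml < 5.0 substituted external entities by default, which is the condition the advisory describes; lxml >= 5.0 defaults to 'internal', so the vulnerable function passes resolve_entities=True explicitly to reproduce the pre-5.0 behaviour on any version.

```python
import os
import pathlib
import tempfile
import xml.parsers.expat

from lxml import etree

# Constructed sample data (not from the advisory): one line standing in for
# /etc/passwd, a benign export, and a malicious export whose <title> is an
# external entity that points at the secret file.
SECRET_LINE = "root:x:0:0:root:/root:/bin/bash"

BENIGN_ENEX = """<?xml version="1.0" encoding="UTF-8"?>
<en-export>
  <note><title>Grocery list</title><content><![CDATA[<en-note>eggs</en-note>]]></content></note>
</en-export>
"""

MALICIOUS_ENEX = """<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE en-export [
  <!ENTITY xxe SYSTEM "{secret_uri}">
]>
<en-export>
  <note><title>&xxe;</title><content><![CDATA[<en-note>x</en-note>]]></content></note>
</en-export>
"""


def build_samples():
    """Write the secret and both exports to a temp dir; return (benign, malicious) paths."""
    tmp = tempfile.mkdtemp()
    secret = os.path.join(tmp, "secret.txt")
    with open(secret, "w", encoding="utf-8") as fh:
        fh.write(SECRET_LINE)
    benign = os.path.join(tmp, "benign.enex")
    with open(benign, "w", encoding="utf-8") as fh:
        fh.write(BENIGN_ENEX)
    malicious = os.path.join(tmp, "malicious.enex")
    with open(malicious, "w", encoding="utf-8") as fh:
        fh.write(MALICIOUS_ENEX.format(secret_uri=pathlib.Path(secret).as_uri()))
    return benign, malicious


def titles_vulnerable(path):
    """Pre-fix pattern: iterparse() with entity substitution enabled.

    lxml < 5.0 behaved this way with no argument at all; resolve_entities=True
    is passed explicitly so the leak reproduces on lxml >= 5.0 as well.
    """
    titles = []
    for _, elem in etree.iterparse(path, encoding="utf-8", resolve_entities=True):
        if elem.tag == "title":
            titles.append(elem.text or "")
    return titles


def external_entities(path):
    """Detection pre-check: (name, system_id) of every external entity declared
    in the internal DTD subset. Stdlib expat reports the declarations to the
    handler without fetching them, so the check itself cannot leak anything."""
    found = []

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        if system_id is not None or public_id is not None:
            found.append((name, system_id))

    parser = xml.parsers.expat.ParserCreate()
    parser.EntityDeclHandler = on_entity_decl
    with open(path, "rb") as fh:
        try:
            parser.Parse(fh.read(), True)
        except xml.parsers.expat.ExpatError:
            pass  # declarations precede any reference to them; a later error is irrelevant
    return found


def titles_hardened(path):
    """Refuse exports that declare external entities; parse the rest with
    substitution, DTD loading and network access switched off as a second layer."""
    ext = external_entities(path)
    if ext:
        raise ValueError(f"refusing export with external entities: {ext}")
    titles = []
    for _, elem in etree.iterparse(
        path, encoding="utf-8", resolve_entities=False, load_dtd=False, no_network=True
    ):
        if elem.tag == "title":
            titles.append(elem.text or "")
    return titles


if __name__ == "__main__":
    benign_path, malicious_path = build_samples()
    print("vulnerable:", titles_vulnerable(malicious_path))  # secret line appears as the title
    print("hardened (benign):", titles_hardened(benign_path))
    try:
        titles_hardened(malicious_path)
    except ValueError as err:
        print("hardened (malicious):", err)
```

Run stand-alone, the vulnerable parse returns the secret file's contents as the note title, while the hardened parse rejects the same file before lxml ever sees it and still reads the benign export normally. The expat pre-check is the same signal the detection notes describe, applied at the input boundary, which is where it is cheapest and least noisy.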

CVSS provenance

NVD:      v3.0  7.5  HIGH  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Red Hat:  7.5  HIGH